Security Bite: Here’s why Apple is being vague with iOS 17.4.1 details

Last week, Apple released iOS 17.4.1 with rather vague release notes claiming to include important bug fixes and security patches. Now, two days later, the company has not yet added any specifics. This is unusual for Apple, which typically lists important security patches hours after a release, and suggests that the ones in iOS 17.4.1 could be significant.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

The update comes two weeks after Apple released iOS 17.4, which brought major changes to the iPhone in the European Union, mostly around the App Store, with support for alternative app marketplaces.

The release notes for iOS 17.4.1 simply say, “This update provides important bug fixes and security updates and is recommended for all users,” with a message to visit an Apple support page for additional information. The page, however, notes that details on the update are still “coming soon.”

This is not a coincidence. And could mean several things.

It’s possible Apple doesn’t want to risk disclosing details about the iOS 17.4.1 security patches before the company has concluded its own investigation. The update we received may have been a quick fix to prevent any further damage.

“For the protection of our customers, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available,” Apple states on its security releases page.

Another possibility, which I think is most likely the reason, is that Apple is currently working on patching the same vulnerabilities on the Mac. On Thursday, we got the security updates to iOS, iPadOS, and VisionOS, leaving out macOS Sonoma. Mac users could still be at risk, and disclosing details about known CVEs in other products could leave a hole in Apple’s security posture.

Regardless, users should update their devices immediately.

The new security update is available on the following supported devices:

• iPhone XS and later
• iPad Pro 12.9-inch 2nd generation and later
• iPad Pro 10.5-inch
• iPad Pro 11-inch 1st generation and later
• iPad Air 3rd generation and later
• iPad 6th generation and later
• iPad mini 5th generation and later
• Apple Vision Pro

I’ll update this post as we learn more.

ICYMI: Security headlines