iOS 17.3 Stands Out from Other OS Updates with Stolen Device Protection
Apple has triggered another large set of operating system releases, of which iOS 17.3 is the most notable thanks to its inclusion of the highly anticipated Stolen Device Protection feature (see “Apple to Introduce Stolen Device Protection in the Upcoming iOS 17.3,” 14 December 2023). iOS 17.3, iPadOS 17.3, and macOS 14.3 Sonoma also support collaborative Apple Music playlists, and watchOS 10.3 sports a new Unity Bloom watch face to celebrate Black History Month. Let’s look briefly at each update:
- iOS 17.3: Along with the new Stolen Device Protection, which you toggle in Settings > Face ID/Touch ID & Passcode, iOS 17.3 lets you invite friends to collaborate on playlists in Apple Music, add emoji reactions to collaborative playlist tracks, stream content to TVs in select hotel rooms using AirPlay, and see coverage for all your devices in Settings > AppleCare & Warranty. It also includes a new Unity wallpaper and crash detection optimizations for all iPhone 14 and iPhone 15 models. We’ll write more about Stolen Device Protection soon. iOS 17.3 also addresses 15 security vulnerabilities, one of which is a zero-day vulnerability in WebKit.
- iPadOS 17.3: As is often the case, iPadOS 17.3 tracks closely with iOS 17.3, offering the same changes apart from the iPhone-specific Stolen Device Protection and crash detection optimizations.
- macOS 14.3: Sticking to the party line, macOS 14.3 supports the collaborative playlists, emoji reactions in collaborative playlists, and the AppleCare & Warranty information in System Settings. It also addresses 16 security vulnerabilities, including the WebKit zero-day. On the enterprise side, macOS 14.3 fixes a bug that prevented Xsan volumes from failing to mount automatically, allows passwords to be changed successfully at the login window, improves reliability authenticating to an SMB print server, and improves reliability using single sign-on when using a proxy for associated domain traffic.
- watchOS 10.3: The watchOS 10 release notes page says the update “includes new features, improvements, and bug fixes” but details only the new Unity Bloom watch. I suspect nothing else is notable. watchOS 10.3 also addresses 12 security vulnerabilities.
- tvOS 17.3: Provides performance and stability improvements and addresses nine security vulnerabilities, including the WebKit zero-day.
- HomePod Software 17.3: Provides performance and stability improvements.
- macOS 13.6.4 Ventura: Addresses 10 security vulnerabilities, including the WebKit zero-day, and fixes a bug that could prevent Xsan volumes from mounting automatically.
- macOS 12.7.3 Monterey: Addresses six security vulnerabilities, including the WebKit zero-day.
- Safari 17.3: Addresses four security vulnerabilities, including the WebKit zero-day.
- iOS 16.7.5 and iPadOS 16.7.5: Addresses nine security vulnerabilities, including the WebKit zero-day.
- iOS 15.8.1 and iPadOS 15.8.1: Addresses two security vulnerabilities, including an older zero-day the company fixed in subsequent versions of iOS and iPadOS last month (see “Apple’s End-of-Year OS Updates Add Promised Features, Security Updates,” 11 December 2023).
Overall, these updates aren’t sufficiently compelling to warrant immediate updates. I recommend updating to iOS 17.3 soon if you want to turn on Stolen Device Protection or regularly stay in hotels that might support AirPlay. Otherwise, I encourage waiting a week to see if issues appear online and then installing to block the zero-day vulnerability.
Why is “Stolen Device Protection” not included with the iPad or even the Mac?
Maybe the Ventura/Monterey updates will quietly address the unwanted “upgrades” to Sonoma in this other article?
None of my Macs are affected so I can’t investigate this myself.
I’ll admit I’m skeptical, but there is definitely reason to hope otherwise: one of the unmentioned bug fixes in this update applies to virtualized older macOS versions not being able to properly apply macOS updates. So most likely, the 14.3/13.6.4/12.7.3 update touched the Software Update mechanism and how it works on older versions of macOS.
Is unlocking with Apple Watch newly able to authorise Siri requests? It’s not how I remember the feature in the past, but I could easily have misremembered. I ask because, in turning on Stolen Device Protection, I found that I also had to reenrol my watch for unlock. It’s an impressive capability, now that you can authorise Siri requests using it. Example: ask Siri to toggle a focus while your phone is in your pocket, you wear your watch, and Control Centre is disallowed while locked; you should find that it now works (with haptic confirmation).
Because the threat model that it protects against doesn’t apply to anything but the iPhone. The concern is a thief shoulder-surfing a passcode, then snatching an iPhone and running. Before this, they could use the passcode to change the Apple ID password and take over the person’s life. That’s unlikely to happen with an iPad and even less likely with a Mac.
With Stolen Device Protection enabled, Face ID or Touch ID will be required to make certain changes.
What I haven’t had a chance to check yet is if, once enabled, it also applies to your other devices.
Honestly my guess is that Siri on the watch, which is unlocked on your wrist, is the one changing the focus and syncing the change to the rest of your devices. I change focus modes on the watch sometimes and on the phone sometimes, though generally not with Siri. Just from control center on whichever device is handy.
Is that true? I get the Mac, but I bet there are many people with an iPad that in spite of all warnings use a 4 or 6 digit code. If they can be observed typing it in on their iPhone, the same could apply to their iPad, couldn’t it?
It’s not inconceivable, but the Wall Street Journal hasn’t mentioned any iPads being compromised in this way. The exploit seems to be focused on crowded bars where people are careless and potentially drunk. It’s not my scene, but I’d be surprised if iPads were commonly used in such situations.
I sure get that. I guess I’m just trying to verify that there is nothing fundamental preventing this scheme from being exploited on an iPad as on iPhone.
Why not include it for the iPad, if I want to have a higher level of security? It’s no burden on Apple.
Not my decision, obviously, but everything comes with a cost, even for Apple. Perhaps it will be added in a future update or perhaps not…
AppleInsider just posted an overview of Stolen Device Protection:
One thing I noticed is that there are certain system features that will require biometric authentication without any ability to fall back to a passcode. These include:
Now, these all make perfect sense from the standpoint of security, but I’m wondering what you can do if, after activating this feature, your phone’s biometric sensor fails. Suppose the dot-projector in your phone dies so FaceID no longer works. Is there any possible way to recover? It seems that the stolen device protection will make it impossible to disable FaceID or wipe the device.
Will you be able to put it into recovery mode, clean-install the OS and restore a backup? Or will your device permanently lose access to all of the protected features?
UPDATE 1/24/2024
Now that I’ve updated my phone to 17.3, I tried this out. I enabled SDP. Then I tried to disable it while holding my finger over the FaceID sensor array. After two failed attempts, it asked for the passcode, which worked (I assume because I was trying at home, which is a truste location).
In such a case you’d just turn off SDP. Turning off SDP allows for passcode fallback. Usually, that will come with a 1-hr delay (for protection), but if you do this in a trusted location (home, work) there isn’t even that delay. No need for erase/restore. Apple has thought this through.
Can SDP be turned off with just a passcode from a trusted location? The AI article seemed to say that it will also require biometric authentication (with the hour-delay and reauthentication if not in a trusted location).
I may have to test this after I get around to upgrading my phone.
No, the article is quite clear. Turning off SDP is listed in the 2nd list which is the set of tasks that support passcode fallback. Only tasks on the 1st list absolutely require biometric authentication.
The 1-hr delay is an additional feature, not related to fallback yes/no.
One reason could be Apple wants to see adoption levels and the impact on Support/AppleCare call volume before rolling out SDP to iPadOS.
Unless it’s marked as lost or stolen, I’d guess it could be restored from a backup or iCloud. Having no backup in the first place is just asking for trouble.
Yesterday I did test this after upgrading my phone. @Simon is correct. I blocked the FaceID sensor with my finger and after two failed attempts at face validation, it asked for the passcode, which worked.
Woo! macOS 14.3 fixes the bug with printing lists in Contacts.
Bleh! Looks like you’re right. I positioned myself far enough away from my phone that I could still hear it, but not be recognised by it, and even with an unlocked watch my phone’s Siri would not let me change focus without unlocking first. Awww … that’s too bad! Thanks for clearing that up.
No mention thus far whether SDP knows where Home and Work are if Settings > Privacy > Location Services > SystemServices > Significant Locations is turned off. Hmm… [EDIT: ok, I completely didn’t read this thread…]
I have not had a positive experience updating to 17.3. First on my iPhone 12 Mini it updated by itself —no input from me. Right after, the phone totally froze! I tried pushing the volume and power buttons to no avail. Then I did a Google search on how to unfreeze a phone. I finally found a YouTube video that fixed it.
I have a Zagg keyboard attached to my iPad Air 5 (newest one), (Other than the unauthorized update and freeze)— I didn’t encounter any problems on the phone using the update . So I updated my iPad. NO EMOJI’S!!!. The “globe/emoji” key on the Zagg keyboard no longer works!
I realize an emoji is not important to some people, but I used them all the time! I see on Google that there are many complaints about the way Apple has handled emojis. Supposedly you click on stickers, then faces and you see them. Why add 2 extra steps when they were already convenient? And from what I have read, Apple has made the “globe” key on 3rd party keyboards non-functional! I am not happy!
HOW TO FORCE RESTART YOUR IPHONE IF IT IS FROZEN
1.YOUTUBE VIDEO
Here is the link to that You Tube video to unfreeze your Apple device… This is the best one I looked at. He showed what to do all the way until the iPhone started again and had to add the passcode. My iPhone took a while. I almost gave up and lifted my finger off the Power button. Do what he says —keep your finger on the power button!
How to Restart a Frozen iPhone
———
2 Apple Support
Force restart iPhone
If iPhone isn’t responding, try forcing it to restart.
——-
Note: Apple’s page shows you the steps to take. For me, watching the YouTube and actually seeing what to do was better. YMMV
Maybe this is a little off-topic, but this article prompted me to immediately update my iPhone to iOS 17.3. After this update I discovered that I can no longer successfully search my calendar. I’m wondering if this is a known issue or if anyone has experienced this problem.
Essentially, no matter what I search for, the response is “No Results”. I have several calendars and the weird thing is that through experimentation I discovered that it is actually searching two seldom used calendars, but not all of my calendars and not my main calendars. My two main calendars, my “Personal Calendar” that I share with my wife, and my private “Work Calendar” will return no results, but a Calendar of Japanese Holiday schedules that I subscribe to, and an NFL Football Schedule Calendar that I subscribe to WILL return results (though that’s not much use really). I’ve tried turning calendars on and off, restarting my phone etc. but nothing helps.
Anybody else?
Mine is working fine for future and past searches