If you own an Apple product, update your operating system now.
Apple distributed updates this week for iPhone, iPad, Mac, Apple TV devices, and Apple Watch. While iOS 15 and iPadOS 15 had already been fixed, macOS, iOS/iPadOS 14, watchOS, and tvOS patched one of the flaws that has been under active attack.
Many of the security vulnerabilities fixed are quite serious, and hackers and other malicious people are no doubt already trying to exploit them.
On the iPhone and iPad, updates can be installed by going to Settings > General > Software Update. If you are still using iOS 14, you will also see an option to upgrade to iOS 15, but you don't have to take it - more on that later.
On a Mac, you should see a notification that a software update is available. If not, click on the Apple icon in the upper left corner of the screen to open the main menu, then System Preferences, then Software Update.
Check the box labeled "Automatically keep my Mac up to date" and you won't have to worry about this.
Here's what you should upgrade which Apple devices to what:
Even Monterey, Apple's just-released macOS upgrade, was upgraded to version 12.0.1 the first day to fix about 40 security issues. upgraded to version 12.0.1 to fix about 40 security issues.
Among them were two problems with gameplay data, reported earlier this year by Russian researcher Denis Tokarev. He accused Apple last month of ignoring these and two other issues.
Surprisingly, these flaws were not fixed in the upgrade to macOS Big Sur; about 20 flaws were fixed and the previous Mac OS was version 11.6.1. They were also not fixed in the macOS Catalina security update.
The flaw, which is already under active attack, received catalog number CVE-2021-30883 and contains a memory corruption issue that could lead to "arbitrary code execution" (that's hacking to you and me) with kernel privileges, the highest level of system privileges.
It is not clear how this is being exploited or by whom. It is also not clear why this flaw was patched in iOS 15.0.2 and iPadOS 15.0.2 on October 11, but not in Apple's other operating systems until this week.
Many of the other flaws can also execute arbitrary code if the device opens harmful websites, PDFs, or image files. Some also involve kernel privileges, which are fundamental to Apple's closely related operating system. Others involve privilege escalation, in which a user or process with limited privileges gains greater privileges.
Apple's unstated but long practiced policy is to provide fixes not only to the current Mac operating system (currently Monterey) but also to the two previous ones (currently Big Sur and Catalina). This likely means that macOS 10.14 Mojave will no longer receive security updates.
However, Apple is implementing its newly announced policy of providing security updates for iOS 14, the predecessor to iOS 15. Both iPhone OS and iPad OS will receive security patches.
However, as with the Mac patches, older operating systems will not receive all the fixes. iOS 15 and iPadOS 15 updates to version 15.1 will fix 22 flaws, while iOS 14 and iPadOS 14 updates to version 14.8.1 will only 12 fixes only 12 defects. Some of the remaining defects may be specific to iOS 15. After all, two defects in iOS 14 seem to be limited to that OS.
The three-year-old iOS 12 received a security patch a month ago, but not this week, as many devices, including the iPhone 5, iPhone 6 and 6 Plus, iPad mini 2 and 3, and the original iPad Air, cannot be upgraded to iOS 13 or later, Apple is unofficially supporting iOS 12 long past its sell-by date. We'll see if Apple sneaks out a patch for iOS 12 in the coming weeks.
Comments