It’s still going to be another few weeks until we get the next round of new products, but Apple is still hard at work on the software running on our existing devices. This week alone, Apple released new betas for iOS 17, macOS 14, watchOS 10 and the rest of the software updates coming this fall, as well as a slew of updates to the current operating systems.
On Monday, Apple released numerous updates for both new and old devices going all the way back to the iPhone 6s. They are free of new features, but they include numerous security updates, several of which are critical:
iOS 16.6 and iPadOS 16.6
Security updates: 16
iOS 15.7.8 and iPadOS 15.7
Security updates: 10
macOS Ventura 13.5
Security updates: 29
macOS Monterey 12.6.8
Security updates: 15
macOS Big Sur 11.7.9
Security updates: 12
watchOS 9.6
Security updates: 12
tvOS 16.6
Security updates: 8
Across the various updates, there are several patches for high-risk vulnerabilities affecting all of the operating systems. Specifically, two of the flaws may have been actively exploited and one is a new zero-day. The WebKit flaw was previously addressed in the Rapid Security Response updates for iOS 16, iPadOS 16, and macOS Ventura, but is new to the other OSes:
Kernel
- Impact: An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.
- Description: This issue was addressed with improved state management.
- CVE-2023-38606: Valentin Pashkov, Mikhail Vinogradov, Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky
WebKit
- Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: The issue was addressed with improved checks.
- WebKit Bugzilla: 259231
CVE-2023-37450: an anonymous researcher
In addition to those two bugs, there are several other WebKit patches that address flaws that “may lead to arbitrary code execution” or disclose personal information to hackers. So it’s fair to say these are among the most important updates of the year, so if you have an Apple device made after 2015, you should update it ASAP.
To update your device, head over to the Settings app (or System Settings/Preferences on a Mac) and select General>Software Update, then Install and follow the prompts.