If you own an Apple product, update your operating system now
Apple distributed updates this week for iPhone, iPad, Mac, Apple TV devices, and Apple Watch While iOS 15 and iPadOS 15 had already been fixed, macOS, iOS/iPadOS 14, watchOS, and tvOS patched one of the flaws that has been under active attack
Many of the security vulnerabilities fixed are quite serious, and hackers and other malicious people are no doubt already trying to exploit them
On the iPhone and iPad, updates can be installed by going to Settings > General > Software Update If you are still using iOS 14, you will also see an option to upgrade to iOS 15, but you don't have to take it - more on that later
On a Mac, you should see a notification that a software update is available If not, click on the Apple icon in the upper left corner of the screen to open the main menu, then System Preferences, then Software Update
Check the box labeled "Automatically keep my Mac up to date" and you won't have to worry about this
Here's what you should upgrade which Apple devices to what:
Even Monterey, Apple's just-released macOS upgrade, was upgraded to version 1201 the first day to fix about 40 security issues upgraded to version 1201 to fix about 40 security issues
Among them were two problems with gameplay data, reported earlier this year by Russian researcher Denis Tokarev He accused Apple last month of ignoring these and two other issues
Surprisingly, these flaws were not fixed in the upgrade to macOS Big Sur; about 20 flaws were fixed and the previous Mac OS was version 1161 They were also not fixed in the macOS Catalina security update
The flaw, which is already under active attack, received catalog number CVE-2021-30883 and contains a memory corruption issue that could lead to "arbitrary code execution" (that's hacking to you and me) with kernel privileges, the highest level of system privileges
It is not clear how this is being exploited or by whom It is also not clear why this flaw was patched in iOS 1502 and iPadOS 1502 on October 11, but not in Apple's other operating systems until this week
Many of the other flaws can also execute arbitrary code if the device opens harmful websites, PDFs, or image files Some also involve kernel privileges, which are fundamental to Apple's closely related operating system Others involve privilege escalation, in which a user or process with limited privileges gains greater privileges
Apple's unstated but long practiced policy is to provide fixes not only to the current Mac operating system (currently Monterey) but also to the two previous ones (currently Big Sur and Catalina) This likely means that macOS 1014 Mojave will no longer receive security updates
However, Apple is implementing its newly announced policy of providing security updates for iOS 14, the predecessor to iOS 15 Both iPhone OS and iPad OS will receive security patches
However, as with the Mac patches, older operating systems will not receive all the fixes iOS 15 and iPadOS 15 updates to version 151 will fix 22 flaws, while iOS 14 and iPadOS 14 updates to version 1481 will only 12 fixes only 12 defects Some of the remaining defects may be specific to iOS 15 After all, two defects in iOS 14 seem to be limited to that OS
The three-year-old iOS 12 received a security patch a month ago, but not this week, as many devices, including the iPhone 5, iPhone 6 and 6 Plus, iPad mini 2 and 3, and the original iPad Air, cannot be upgraded to iOS 13 or later, Apple is unofficially supporting iOS 12 long past its sell-by date We'll see if Apple sneaks out a patch for iOS 12 in the coming weeks
Comments