These iphones and ipads just got an emergency security patch — Update now

These iphones and ipads just got an emergency security patch — Update now

If you've been using an iPhone, iPad, or Mac for several years, take note: Apple has patched older iPhones and macOS Catalina to fix three security vulnerabilities that were exploited by hackers

Devices from iPhone 5s through iPhone 6 Plus, the first two iPad Air models, iPad Mini 3, and the 6th generation iPod Touch can now be upgraded to iOS 1255

There is also a security patch for macOS 10157 Catalina (the ninth without a "point" upgrade) for iMacs, MacBooks, and Mac Minis released between 2012 and 2014 that cannot upgrade to macOS 11 Big Sur users will benefit

However, there is still no apparent fix for another flaw that affects all versions of macOS up to the latest version of Big Sur

To update your iPhone, tap Settings > General > Software Update; to update your Mac, click the Apple icon in the upper left corner, click System Preferences or Software Update, and follow the prompts Follow the prompts

This new iOS 12 update fixes two flaws cataloged as CVE-2021-30858 and CVE-2021-30860, which were first patched in the new iPhone with the release of iOS 148 last week and macOS upgraded to 116 Big Sur were patched for the first time

The latter vulnerability has been used by clients of an Israeli spyware company called NSO to spy on dissidents, diplomats, and politicians, especially in the Middle East The other flaw has also been exploited, but it has not been disclosed who was hacking whom or even who discovered the vulnerability

iOS 1255 also fixes CVE-2021-30869, a new flaw that allows "malicious applications" to execute their own code on devices, according to an Apple security bulletin This is thanks to a "type confusion issue" in XNU, the kernel at the core of all current Apple operating systems, including iOS and macOS

Credit for discovering this vulnerability goes to Erye Hernandez and Clément Lecigne of the Google Threat Analysis Group, plus Ian Beer of Google Project Zero

As with the other two flaws, Apple has stated that it is "aware of reports of an exploit for this problem in the wild" It has said nothing more than that

However, Shane Huntley of Google's threat analysis group said on Twitter that the flaw was used in conjunction with another flaw targeting the rendering engine that drives Apple's Safari browser He added that more information would be released later next month

The fix for CVE-2021-30869 is the entirety of a new patch for macOS Catalina The fact that this flaw is not patched in macOS Big Sur or iOS 15 indicates that it is either not present in these newer operating systems or is impossible to exploit

Apple continues to provide iOS 12 security updates for 2013 and 2014 iPhones and iPads (the same years as the older Macs that were patched) despite its general policy of not supporting mobile devices older than five years

Categories