Quick update at the beginning of the week: Apple released macOS 14.4.1 for download on Monday evening. The update, which is just under 1.15 GB on a fully patched system, fixes several (some very annoying) errors and also closes problematic security holes. Apple also belatedly commented on the security content of iOS 17.4.1 and iPadOS 17.4.1, which were released last week.
Advertisement
Java crash and USB-C hub annoyance
macOS 14.4 caused some trouble for Mac users. Certain USB-C hubs – especially those that are built directly into monitors – suddenly stopped working properly and accessories such as keyboards lost contact with the Mac. In the worst case, Java applications could crash constantly and understandably – even up to the latest JDK, as Oracle announced.
According to Apple’s release notes, USB(-C) hubs should now be recognized again in macOS 14.4.1 – even on external displays. The problem with unmotivated Java crashes has also been fixed. Finally, a problem with copy protection systems for audio unit plug-ins that suddenly could no longer be opened or refused validation in Logic Pro and other professional DAWs was also resolved. This affected that iLok system. Why all the errors were not discovered during the beta, which lasted several weeks, remains Apple’s (and in the case of Java also Oracle’s) secret.
Be careful, security holes!
There are also two gaps in macOS 14.4.1 that allowed arbitrary code to be executed (but apparently not with root rights). This was possible via manipulated images and was triggered by an out-of-bounds write problem. This should no longer occur through improved validation. Both problems, which were in CoreMedia and WebRTC and have the CVE ID 2024-1580, were discovered by Nick Galloway from Google Project Zero. Apple has not provided any information about exploits that may exist in the wild.
iOS 17.4.1 and iPadOS 17.4.1 also fix the two image bugs. The same applies to visionOS 1.1.1 for the Vision Pro as well iOS 16.7.7 and iPadOS 16.7.7 for users of older iPhones and iPads (or iOS and iPadOS versions). Apple also provides macOS Ventura 13.6.6 with both fixes as well Safari 17.4.1 available as a single download for macOS Monterey and Ventura, the latter new browser version plugs the image hole in WebRTC.
(bsc)