Plenty of updates for older devices too: If you don’t want to update to iOS 17.1 and macOS 14.1 yet, you should still take a look at the software update for your Apple device. This is how Apple now delivers iOS and iPadOS 15.8, iOS and iPadOS 16.7.2 as well as macOS 12.7.1 (Big Sur) and 13.6.1 (Ventura). The new one is also available for the older macOS versions Version 17.1 of Apple’s Safari browserwhich is offered for Big Sur and Ventura as a single download that can be installed without restarting.
Advertisement
Why you should update
A look at the patch lists that Apple published at the same time demonstrates how important the updates are – although Apple, as usual, tends not to close all the gaps in older systems that have been fixed in the current OS. iOS 15.8 and iPadOS 15.8, which are available for iPhone 6s, iPhone 7, iPhone SE 1, iPad Air 2, iPad mini 4 and iPod touch 7, have fixed a serious kernel flaw that is already being exploited by attackers, such as Apple announces (CVE-2023-32434). Over a dozen holes are plugged in iOS and iPadOS 16.7.2. In macOS 12.7.1 and 13.6.1 there are also over a dozen, including critical ones – although none for which there are reports of attacks (at least according to Apple).
Commendably, Apple also provides direct information about the in macOS 14.1 and iOS and iPadOS 17.1 resolved security issues. For iOS 17 and Co., Apple delayed this disclosure process and only distributed information when macOS 14 was released. macOS 14.1 comes with almost 40 areas in which holes have been plugged. Almost everything is affected, from the AppSandbox to contacts, “Find My?”, Foundation, the FileProvider, Maps or the kernel. There was also a “logic error” in the passkeys that could be used to scan data. In several cases, malicious code can be executed, sometimes with kernel privileges.
iOS 17.1 and iPadOS 17.1 with many fixes
The fixes in iOS 17.1 and iPadOS 17.1 are not quite as extensive as in macOS 14.1, but there are still almost 30 affected areas. Here too, “Where is?”, passkeys, kernel and weather are full of holes – code execution (some with kernel rights) is sometimes included. A bug in Status Bar prevented the device from going into lockscreen mode.
Furthermore, some errors in WebKit have been fixed – directly in iOS, iPadOS and macOS as well as in the mentioned Safari individual download for Big Sur and Ventura. After all, it appears that no evil code can be executed with kernel rights, but without it. Information about fixes in watchOS 10.1 and tvOS 17.1 are also available – here too you should update quickly.
(bsc)