

It’s Patch Monday at Apple, with the company pushing out security updates for all of its platforms at once. And to judge from the release notes for its Mac, iPhone, and iPad updates, you should install these fixes as soon as possible.

The common risk addressed by updates now available for iOS 16, iPadOS 16, macOS Ventura and the current edition of Apple’s Safari (available for the preceding Big Sur and Monterey versions of macOS) is a vulnerability in the WebKit framework inside that browser.

“Processing maliciously crafted web content may lead to arbitrary code execution,” warns the relevant part of the release notes for iOS/iPadOS 16.3.1, Safari 16.3.1, and macOS 13.2.1. “Apple is aware of a report that this issue may have been actively exploited.”

In plainer English, that means that going to the wrong website can put malware on your machine, and an Apple customer somewhere in the world has probably learned about this the hard way. Those notes say that Apple fixed the “type confusion issue” at fault “with improved checks.”

The iPhone, iPad, and Mac patches also close a common kernel vulnerability that could let an app “execute arbitrary code with kernel privileges,” while the Mac fix addresses a bug that an app could exploit to “observe unprotected user data.” There’s no mention of those issues being actively exploited.

The software-update dialogs shown on an iPhone, iPad, or Mac are much less specific, falling back on the usual vague descriptions of “security improvements and bug fixes” (as shown for the Safari patch on a Mac mini running macOS Monterey) and “bug fixes and security updates” (on an iPad mini 6). Once again, those dialogs do not link to the release notes for each patch and instead point to Apple’s list of security updates, a dusty bookshelf of a page indexing patches going back to Jan.


