Latest iOS 15 and macOS 12 updates contain critical security patches

Posted:
in General Discussion
Nearly every operating system update contains fixes for security vulnerabilities, and the latest releases are no exception. Find out what has been patched by iOS 15.6, macOS 12.5, and the others.

Apple's updates provide critical patches for security vulnerabilities
Apple's updates provide critical patches for security vulnerabilities


Apple doesn't disclose or confirm security issues until an investigation has occurred and patches are made available. On Wednesday, Apple released a slew of updates for its devices to ensure continued secure and stable operation.

Apple released iOS 15.6, iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8, and macOS Catalina 10.15.7 2022-005 with various security patches and other fixes. Due to Apple's operating systems sharing a lot of code base and functionality, a single fix can be applicable across every OS.

Most of the fixes are related to unauthorized permissions being granted to an attacker, app, or user. Several vulnerabilities were addressed across every operating system.

  • An issue with APFS could give an app with root privileges the ability to execute arbitrary code with kernel privileges. Fixed with improved memory handling. CVE-2022-32832

  • A remote user may be able to cause kernel code execution thanks to a vulnerability with Apple AVD. A buffer overflow issue was addressed with improved bounds checking as a fix. CVE-2022-32788

  • An app may be able to gain root privileges through the AppleMobileFileIntegrity kernel extension. An authorization issue was addressed with improved state management. CVE-2022-32826

  • An app may be able to execute arbitrary code with kernel privileges through the audio extension. An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820

  • A remote user may cause an unexpected app termination or arbitrary code execution through the CoreText extension. The issue was addressed with improved bounds checks. CVE-2022-32839

There are several more patches for each operating system, some specific to an individual OS. Apple generally discloses if any vulnerabilities are actively being used by exploits in the wild.

Users generally don't need to worry about specific fixes applied in an update. It is important to install an update as soon as practical balanced against the needs of mission-critical software to ensure device security is sound.

Those interested in detailed information about every security update can visit Apple's security update website.

Read on AppleInsider

Comments

  • Reply 1 of 10
    What is Appleinsiders stance on updates? In one post it is wait a few days before installing and in this one it is install as soon a practically possible!?
    muthuk_vanalingamwatto_cobra
  • Reply 2 of 10
    twokatmewtwokatmew Posts: 48unconfirmed, member
    I'm not waiting. Retired IT security pro here. But they're your devices. 😊
    caladanianmwhitedewmeAlex1Nkillroywatto_cobra
  • Reply 3 of 10
    bonobobbonobob Posts: 396member
    Backing up first, then updating.  If there's a problem with the new release, I can recover.
    mwhitekillroywatto_cobratwokatmew
  • Reply 4 of 10
    maltzmaltz Posts: 513member
    What is Appleinsiders stance on updates? In one post it is wait a few days before installing and in this one it is install as soon a practically possible!?

    That's because not all updates are equal.  If they're patching a serious, in-the-wild security issue, then benefits of updating ASAP outweigh the dangers.  Especially if you're several versions in to a major release, as this is.  If the security issues are serious, but not in-the-wild, then waiting a day or two may still be prudent.  If there are no major security issues being fixed, and you're not experiencing any problems yourself, then waiting a week or more might even be appropriate.
    dewmekillroywatto_cobra
  • Reply 5 of 10
    mwhitemwhite Posts: 287member
    bonobob said:
    Backing up first, then updating.  If there's a problem with the new release, I can recover.

    I always back up before doing any updates you never know.
    watto_cobra
  • Reply 6 of 10
    michelb76michelb76 Posts: 707member
    This version still has the memory leak the betas had.
  • Reply 7 of 10
    macguimacgui Posts: 2,498member
    michelb76 said:
    This version still has the memory leak the betas had.
    I infer from that statement the memory leak is a product of iOS 15.6 and not earlier. If true, this is the one thing that really bugs me about updates... Introducing new problems, possibly more than it solves. Or maybe it's just fix one problem, create another.

    So how bad is this memory leak problem and what workaround can be done to fix it? Restart the phone? Force retstart (Apple isn't crazy about random forced restarts IIRC)? Or do we just hang tough until iOS 15.7 fixes the leak.
    watto_cobra
  • Reply 8 of 10
    My 2021 iPad Pro just locked up completely when I went to update to 15.6 and now requires a full erase and restore.   Hopefully my iCloud backup ran last night even though I wasn't plugged in to power.  
    pulseimageswatto_cobra
  • Reply 9 of 10
    michelb76 said:
    This version still has the memory leak the betas had.
    Any sources for this? Memory leak is a serious issue in a mobile OS with limited RAM, so the impact would be significant (i.e. people needing to restart their phones almost on a daily basis). It would be a headline news all over the world if memory leak issue is present in iOS.
    watto_cobra
  • Reply 10 of 10
    I’m going to hold off updating any of my devices. Just tried to update my Apple TV 4K when the screen started flickering like crazy. 
    watto_cobra
Sign In or Register to comment.