Update your iPhone, iPad, & Mac now to block critical security threats

Posted:
in iOS

Update to Apple's latest iOS, iPadOS, macOS, and visionOS to patch known security vulnerabilities that may have been exploited on Intel-based Macs.

iPad Air with a prominent logo on the back, standing on a white surface. Background includes a blurred shelf and colorful circular light.
iPad Air 2024



The iOS 18.1.1, iPadOS 18.1.1, macOS Sequoia 15.1.1, and visionOS 2.1.1 updates fix two major security issues in the software that runs websites and apps. Hackers could use these flaws to take control of your device or steal information through malicious web content.

Apple has also confirmed that these vulnerabilities "may have been actively exploited on Intel-based Mac systems."

Intel-based Macs are vulnerable in this case because their architecture handles certain software frameworks, like WebKit and JavaScriptCore, differently compared to devices running Apple Silicon. These frameworks are important for web browsing and executing JavaScript code, but their interaction with Intel processors may create specific weak points under some circumstances.

Apple also released iOS 17.7.2 and iPadOS 17.7.2 to address the issues on older devices that cannot update to the latest operating systems.

Security updates for iOS, iPadOS, macOS, and visionOS



One of the vulnerabilities, tracked as CVE-2024-44308 in the Common Vulnerabilities and Exposures database is tied to JavaScriptCore. JavaScriptCore is a framework used for running JavaScript code in apps and websites.

The flaw could allow attackers to execute arbitrary code on a device if a user interacts with maliciously crafted web content. Apple addressed the issue by introducing stronger checks in its software to better detect and prevent malicious activities. These checks ensure that any data or code running on the system is thoroughly validated before being processed.

The second vulnerability, CVE-2024-44309, involves WebKit, the engine that powers Safari and other web-based functions on Apple devices. The issue could enable attackers to carry out cross-site scripting (XSS) attacks by exploiting flaws in how cookies are managed.

Apple fixed the issue by improving "state management," or how its software manages and tracks certain data, like cookies, during web browsing and app interactions. The improvements make sure that hackers can't exploit flaws in the system to gain unauthorized access or perform harmful actions.

Both security flaws were discovered and reported by security researchers Clement Lecigne and Benoit Sevens.

How to protect your iPhone, iPad, Mac, and Apple Vision Pro



To keep your device secure, start by opening the Settings app on your iPhone, iPad, or Apple Vision Pro or System Settings on Mac. From there, go to the "General" section and select "Software Update" to check for the latest version available. Once the update appears, tap "Download and Install" to begin the process.

Open MacBook Air on a white surface, featuring a dark abstract spiral pattern on the screen.
15-inch MacBook Air



Before starting, make sure your device is connected to a stable Wi-Fi network to avoid interruptions during the download. Additionally, ensure your device has enough battery life, or keep it plugged into a charger to prevent it from shutting down mid-update.

The iOS 18.1.1 and iPadOS 18.1.1 updates are available for a range of Apple devices. On the iPhone side, the update supports models starting from the iPhone XS and newer.

For iPads, the update is compatible with several models, including the iPad Pro 13-inch and 12.9-inch (3rd generation and later), and the iPad Pro 11-inch (1st generation and later). Other supported devices include the iPad Air (3rd generation and later), the 7th generation iPad and newer, and the iPad mini 5th generation and later.

macOS Sequoia 15.1.1 is compatible with most Intel Macs released after 2017 and all Apple Silicon based Macs.



Read on AppleInsider

Comments

  • Reply 1 of 2

    I had to again allow apps for privacy like screen recording, capture, full disk acces etc after the 15.1.1 update… for each user account 😖

  • Reply 2 of 2
    can anyone tell me: do the beta versions of the various softwares contain these security patches (15.2, 18.2, etc)? Thanks.
Sign In or Register to comment.