It’s been a rough week for Apple, and it’s only Tuesday. The company announced a new iMac with the M4 chip. We debuted the new Mac mini with M4 and M4 Pro. And a new operating system update launches Apple Intelligence on compatible Macs, iPhones, and iPads. But iOS 18.1 and macOS 15.1 aren’t just about Apple Intelligence. In addition to other non-AI features, these updates also include fixes for dozens of security vulnerabilities across devices. Of those, 27 occurred on iPhones and iPads, and 50 of those occurred on iPhones and iPads. Mac.
Apple doesn’t include security details in the general release notes for software updates, so these fixes tend to be under the radar. However, the company posts security advisories online immediately after distributing updates to users. You can now see what’s included in both iOS 18.1 and iPadOS 18.1, as well as macOS 15.1. These updates (particularly macOS 15.1) include a number of security patches, but the good news is that none of these vulnerabilities are zero-days (security flaws discovered before a fix is ready). None of them are known to cause problems. Active exploitation in the real world. This means that users running updates prior to iOS 18.1 and macOS 15.1 are not at significant risk at this time.
Still, you should update it as soon as possible. Now that the details of these vulnerabilities are known, it’s only a matter of time before malicious parties find a way to exploit them.
What flaws did Apple fix?
Several vulnerabilities stood out in macOS. For example, an app could access information about your contacts, read sensitive location information through “Find My,” or leak sensitive kernel state. Downloading a malicious image can result in a denial of service attack, an attack that overloads your Mac and makes it inaccessible. If an attacker gains physical access to your Mac, they may be able to bypass the login window during software updates. Even Safari’s private browsing mode can expose your browsing history.
iOS and iPadOS allow a malicious attacker with physical access to your device to view sensitive information even when the device is locked. This also includes contact photos that can be accessed through the Siri glitch. A malicious app could execute arbitrary shortcuts or leak sensitive kernel state without the user’s consent. Also, similar to macOS, Safari’s private browsing mode can expose your browsing history.
For a complete list of patches, see Apple’s release notes for iOS 18.1 and iPadOS 18.1, or macOS 15.1.
These patches aren’t just for Apple’s latest software updates. Additionally, Apple has released security updates for iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1. These updates are aimed at users who don’t want to update their devices to Apple’s latest OS, or who have older devices that can’t be upgraded. This update includes many of the same security patches as the latest OS release, so you’re protected even if you’re running an older version of iOS, iPadOS, or macOS.
It’s not just iPhones, iPads, and Macs, as Apple has released updates to watchOS 11.1, tvOS 18.1, and visionOS 2.1. If you have these devices, please update them as well.
To protect your iPhone, iPad, or Mac from these security vulnerabilities, install the update
Again, Apple is not aware of these flaws being actively exploited at this time, but is committed to patching them before malicious actors find a way to exploit them. Recommended.
To update, open Settings (iPhone or iPad) or System Preferences (Mac) and go to General > Software Update. Load this page, then follow the onscreen instructions to download and install the update.
