Nearly every operating system update contains fixes for security vulnerabilities, and the latest releases are no exception. Find out what has been patched by iOS 15.6, macOS 12.5, and the others.
Apple doesn't disclose or confirm security issues until an investigation has occurred and patches are made available. On Wednesday, Apple released a slew of updates for its devices to ensure continued secure and stable operation.
Apple released iOS 15.6, iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8, and macOS Catalina 10.15.7 2022-005 with various security patches and other fixes. Due to Apple's operating systems sharing a lot of code base and functionality, a single fix can be applicable across every OS.
Most of the fixes are related to unauthorized permissions being granted to an attacker, app, or user. Several vulnerabilities were addressed across every operating system.
- An issue with APFS could give an app with root privileges the ability to execute arbitrary code with kernel privileges. Fixed with improved memory handling. CVE-2022-32832
- A remote user may be able to cause kernel code execution thanks to a vulnerability with Apple AVD. A buffer overflow issue was addressed with improved bounds checking as a fix. CVE-2022-32788
- An app may be able to gain root privileges through the AppleMobileFileIntegrity kernel extension. An authorization issue was addressed with improved state management. CVE-2022-32826
- An app may be able to execute arbitrary code with kernel privileges through the audio extension. An out-of-bounds write issue was addressed with improved input validation. CVE-2022-32820
- A remote user may cause an unexpected app termination or arbitrary code execution through the CoreText extension. The issue was addressed with improved bounds checks. CVE-2022-32839
There are several more patches for each operating system, some specific to an individual OS. Apple generally discloses if any vulnerabilities are actively being used by exploits in the wild.
Users generally don't need to worry about specific fixes applied in an update. It is important to install an update as soon as practical balanced against the needs of mission-critical software to ensure device security is sound.
Those interested in detailed information about every security update can visit Apple's security update website.
10 Comments
What is Appleinsiders stance on updates? In one post it is wait a few days before installing and in this one it is install as soon a practically possible!?
I'm not waiting. Retired IT security pro here. But they're your devices. 😊
Backing up first, then updating. If there's a problem with the new release, I can recover.