Shortly following the updates to iOS 16.4, iPadOS 16.4, and macOS Ventura 13.3, Apple has released iOS 15.7.4, iPadOS 15.7.4, macOS Monterey 12.6.4, and macOS Big Sur 11.7.5, all with important security fixes.
iOS 15 security patches
The company released iOS 16.4 and others on Monday with new actions in Shortcuts, more emojis, push notifications for web apps, and more features. But for older devices that can't update to the latest operating system versions, there are iOS and iPadOS 15.7.4, macOS Big Sur 11.7.5, and macOS Monterey 12.6.4.
They contain essential fixes for security vulnerabilities across WebKit, Calendar, Camera, Accessibility, and other system components. Here are a few of them.
Security patches in iOS 15.7.4
Accessibility
- Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
- Impact: An app may be able to access information about a user's contacts
- Description: A privacy issue was addressed with improved private data redaction for log entries.
- CVE-2023-23541: Csaba Fitzl (@theevilbit) of Offensive Security
Calendar
- Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
- Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information
- Description: Multiple validation issues were addressed with improved input sanitization.
- CVE-2023-27961: Rza Sabuncu (@rizasabuncu)
Camera
- Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
- Impact: A sandboxed app may be able to determine which app is currently using the camera
- Description: The issue was addressed with additional restrictions on the observability of app states.
- CVE-2023-23543: Yigit Can YILMAZ (@yilmazcanyigit)
Similar fixes are found in the macOS updates.