iPadOS, macOS Monterey and old iOS: Apple patches gaps
iPadOS 16 is not ready yet, but a security update is coming. There is now Safari 16 on the Mac – and also many patches. iOS 15 is also being considered.
In addition to iOS 16 and watchOS 9, Apple also released updates for older operating systems on Monday evening. These are pure security updates, new functions are apparently not included. macOS Monterey 12.6, macOS Big Sur 11.7, iPadOS 15.7 and iOS 15.7 are freshly available – the latter is intended for users who do not yet want to update to iOS 16, which apparently also has the patches. Apple has also provided the Safari 16 browser for macOS 12 and 11; it fixes security vulnerabilities and offers some new features.
Fixed heavy gaps
With the updates, Apple is once again taking care of eliminating serious security gaps. In iOS 15.7 and iPadOS 15.7, there are more than a dozen, although Apple doesn’t list the exact details of all of them. Bugs include bugs in the kernel that allow code to be executed with appropriate privileges; one of the bugs is already being exploited in the form of a zero-day exploit, as Apple itself points out. Other errors relate to privacy protection: among other things, sensitive location data can be read out via Apple Maps and the contacts app may not adhere to the user’s data protection settings. A bug in Safari allows tracking via web extensions, another in shortcuts reading photos from the lock screen. Several bugs in the WebKit browser engine allow code to be run from compromised websites.
Some of the bugs fixed in macOS 12.6 and macOS 11.7 correspond to those in iOS and iPadOS 15.7, respectively, including the actively exploited kernel vulnerability. However, there are also bugs that are only relevant for macOS. These are included in iMovie, in ATS, the media library (MediaLibrary) and in PackageKit. Attackers can sometimes gain more rights, but sometimes they can also read sensitive data (including in maps).
Safari 16 for everyone
Notably, Apple has also released Safari 16, which is actually part of macOS 13 aka Ventura. However, the new operating system will not be available until October. Apparently Apple didn’t want to wait with the update because the new browser version also closes a handful of security holes. These are included in the WebKit browser engine and web extension management and can be used to execute malicious code or track users unwantedly. Another error allows so-called UI spoofing, which could be used for phishing attacks, for example.
But Safari 16 also brings new features. This includes a tab group home page where you can set wallpaper and favorites; In addition, favorite tabs can now be pinned. The sidebar lists open tabs if desired. Synchronize website settings via iCloud and improved password management knows the respective criteria of a website for access, should these be reported to the browser in a standardized way. Apple has not yet provided any information on which security gaps have been fixed in tvOS 16 and watchOS 9. The bugs fixed in iOS 16 seem to match those fixed in iOS 15.7. Apple has not yet provided patches for macOS Catalina (10.15) – it is unclear whether they will come in the future.