You’ll really want to make time for this one.
On Wednesday, Apple released a series of major security patches for iOS (15.3) and macOS (Big Sur 11.6.3, Monterey 12.2, Catalina) designed to fix critical flaws in the operating systems. And yes, this seems to be happening a lot lately.
The updates affect Safari, macOS, tvOS, iOS, iPadOS, and watchOS. There are a multitude of issues addressed by Wednesday’s patches, and Apple makes clear in its documentation that many of them are quite serious.
“A website may be able to track sensitive user information,” reads one description of a problem with Safari. “Processing maliciously crafted web content may lead to arbitrary code execution,” reads another. That’s bad.
In other words, a sketchy website designed to exploit this vulnerability could make your computer run whatever code the hacker wanted.
But wait, it gets even worse. That’s because Apple says these vulnerabilities aren’t just theoretical, but that someone — aka hackers, governments, or who knows — possibly took advantage of at least one of them in the real world.
“A malicious application may be able to execute arbitrary code with kernel privileges,” Apple writes, regarding an issue with iOS and iPadOS. “Apple is aware of a report that this issue may have been actively exploited.”
Thankfully, when it comes to the apparently Sisyphean task of keeping your iPhone and Mac free from zero-day vulnerabilities, hitting “update” goes a long way — even if you have to do it over and over again.