Apple patches 1st in-the-wild exploited bug of 2024 in macOS Sonoma 14.3, iOS 17.3 and more

macOS Ventura 13.6.4

Available for:
All supported Macs currently running macOS Ventura

Security-related fixes and updates:
At least 13 vulnerabilities were addressed. Most of them the same as those addressed in the macOS Sonoma update, including the fix for the exploited WebKit vulnerability. Enterprise users also received the following improvement:

Xsan volumes no longer fail to mount automatically.

A few of the fixes in this update, that are not found in the macOS Sonoma update (because they were previously patched in earlier Sonoma updates) are:

Core Data
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed by removing the vulnerable code.

curl
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl version 8.4.0

LoginWindow
Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved state management.

For the full list of security patches included in macOS Ventura 13.6.4, have a look here.

You can get this update by going to System Settings > Software Update.

macOS Monterey 12.7.3

Available for:
All supported Macs currently running macOS Monterey

Security-related fixes and updates:
At least nine vulnerabilities were addressed in this update, overlapping with some of those addressed in the macOS Sonoma and Ventura updates.

For the full list of security patches included in macOS Monterey 12.7.3, have a look here.

You can get this update by going to System Preferences > Software Update.

Safari 17.3 for macOS Ventura and Monterey

This update addresses four WebKit issues, the same as those addressed in the macOS Sonoma 14.3 update.

The short list of fixes can be seen here, and the update is available in System Preferences > Software Update on your Mac. It will pop up as an available update once macOS 13.6.4 or 12.7.3 has been installed.

iOS 17.3 and iPadOS 17.3

Available for:
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Update information:

This update introduces additional security measures with Stolen Device Protection. This release also includes a new Unity wallpaper to honor Black history and culture in celebration of Black History Month, as well as other features, bug fixes, and security updates for your iPhone.

About Stolen Device Protection:

• Stolen Device Protection increases security of iPhone and Apple ID by requiring Face ID or Touch ID with no passcode fallback to perform certain actions
• Security Delay requires Face ID or Touch ID, an hour wait, and then an additional successful biometric authentication before sensitive operations like changing device passcode or Apple ID password can be performed

More information about this feature can be found here on Apple’s site. You can also check out our write-up of how to set up Stolen Device Protection on your iPhone, and why we recommend it.

How to enable Stolen Device Protection for iPhone

Other new features:

• Lock Screen
  New Unity wallpaper honors Black history and culture in celebration of Black History Month
• Music
  Collaborate on playlists allows you to invite friends to join your playlist and everyone can add, reorder, and remove songs
  Emoji reactions can be added to any track in a collaborative playlist

Enterprise:

• Stolen Device Protection must first be disabled in order to install configuration profiles, manually enroll in Mobile Device Management, or manually configure Exchange accounts.

Bug fixes & improvements:

• AirPlay hotel support lets you stream content directly to the TV in your room in select hotels
• AppleCare & Warranty in Settings shows your coverage for all devices signed in with your Apple ID
• Crash detection optimizations (all iPhone 14 and iPhone 15 models)

Security-related fixes and updates:
At least 16 vulnerabilities were addressed in this update, many of them the same as those addressed in the aforementioned macOS updates.

One fix unique to iOS and iPadOS 17.3 is for an issue with the new Stolen Device Protection:

Reset Services
Impact: Stolen Device Protection may be unexpectedly disabled
Description: The issue was addressed with improved authentication.

The full list of security issues that were addressed can be found here. To get your hands on this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

iOS 16.7.5 and iPadOS 16.7.5

Available for:
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Security-related fixes and updates:
At least eight vulnerabilities were addressed in this update, all of them the same as those covered in the previously mentioned OS updates.

The full list of security issues that were addressed can be found here. To get this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

iOS 15.8.1 and iPadOS 15.8.1

Available for:
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Security-related fixes and updates:

Although only two updates are listed for 15.8.1, they are both significant. Both involve WebKit vulnerabilities that may have been exploited in the past.

WebKit
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: An out-of-bounds read was addressed with improved input validation.

WebKit
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: A memory corruption vulnerability was addressed with improved locking.

See here to read Apple’s brief document about this update.

To get this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

watchOS 10.3

Available for:
Apple Watch Series 4 and later

Update information:

• watchOS 10.3 includes new features, improvements, and bug fixes, including new Unity Bloom watch face to honor Black history and culture in celebration of Black History Month.

Security-related fixes and updates:
At least 12 vulnerabilities were addressed in this update, all of them the same as those covered in the previously mentioned OS updates.

The full list of security issues that were addressed can be found here. To install this update, make sure your iPhone is up to date first, both your phone and watch are connected to the same Wi-Fi network, and the watch has at least a 50% charge. Then open the Watch app on your phone and tap General > Software Update.

tvOS 17.3

Available for:
Apple TV HD and Apple TV 4K (all models)

Security-related fixes and updates:

At least nine vulnerabilities were addressed in this update, all of them the same as those covered in the previously mentioned OS updates.

The full list of security issues that were addressed can be found here.

How to install Apple security updates

Every update that was released today, with the exception of watchOS 10.3, includes a fix for a vulnerability that has reportedly been exploited in the wild. It is therefore ideal to update as soon as you reasonably can.

How to install macOS updates

If you haven’t yet upgraded to macOS Sonoma, be sure to first update your critical software. For example, run Intego’s NetUpdate utility and install all available updates, and then check for updates for all other software that you use regularly. Next, check for macOS updates by going to System Settings > General > Software Update.

If you have any trouble getting the macOS update to show up, either press ⌘R at the Software Update screen, or type in the Terminal softwareupdate -l (that’s a lowercase L) and press Return/Enter, then check System Settings > General > Software Update again.

Note that only the latest macOS version (currently, that’s macOS Sonoma) is ever fully patched; older macOS versions only get a subsection of those patches and remain vulnerable. Therefore, staying on the latest macOS version is critically important for maintaining your security and privacy. For more information, see our article, “When does an old Mac become unsafe to use?”

How to install other Apple OS updates

Users of iPhone or iPad can go to Settings > General > Software Update to update iOS or iPadOS on their devices. (This is called an “over the air” or OTA update.) Alternatively, you can connect your device to your Mac, click on the device name in a Finder window sidebar, and check for updates there.

To update watchOS on your Apple Watch, the process is a bit more complicated. First, update your iPhone to the latest operating system it can support (ideally the latest version of iOS 17). Next, ensure that both your iPhone and Apple Watch are on the same Wi-Fi network. Your Apple Watch also needs to have at least a 50% charge. Then open the Watch app on your iPhone and tap General > Software Update.

Whenever you’re preparing to update macOS, iOS, or iPadOS, it’s a good idea to always back up your data before installing any updates. This gives you a restore point if something does not go as planned. See our related article on how to check your macOS backups to ensure they work correctly.

How to Verify Your Backups are Working Properly

See also our article on how to back up your iPhone or iPad to iCloud and to your Mac.

Should you back up your iPhone to iCloud or your Mac? Here’s how to do both

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.