macOS Sonoma 14.1.2 patches 2 zero-day vulns; other vulns unpatched

It’s important to note that Apple does not patch all applicable security vulnerabilities for previous operating system versions, such as macOS Ventura and Monterey. Both of these Mac operating systems receive far fewer patches than macOS Sonoma. Apple makes no promises about how long it will continue to patch previous OS versions.

iOS 17.1.2 and iPadOS 17.1.2

Available for:
iPhone XS and later (including iPhone XR, iPhone 11 and later, and iPhone SE 2nd and 3rd generations), iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Security updates:
This update addresses the same two WebKit vulnerabilities that Apple addressed in the macOS Sonoma update. See the list of security patches.

What Apple didn’t patch

macOS Sonoma still has unpatched, critical vulnerabilities

Although curl’s October 11 update (version 8.4.0) patched a high-severity vulnerability, Apple did not include the update with macOS Sonoma 14.1, 14.1.1, or 14.1.2.

Meanwhile, Intego has discovered that several other critical-severity vulnerabilities, including one that has been actively exploited in the wild, appear to remain unpatched in macOS Sonoma 14.1.2.

Apple neglects to patch multiple critical vulnerabilities in macOS

Intego first discussed the curl update on episode 313 of the Intego Mac Podcast.

iOS 16 and iPadOS 16 — no updates today; confirmed vulnerable

Apple specifically mentioned in the iOS 17.1.2 release notes that the two WebKit vulnerabilities addressed in today’s update have been used against iOS 16 earlier this year. However, Apple did not release a corresponding update today to address those vulnerabilities for iOS 16.

Both the iPhone 8 and iPhone X cannot be upgraded to iOS 17 or later. These phones, and iPads of a similar vintage, presumably remain vulnerable to both of the actively exploited WebKit vulnerabilities as of today. It remains to be seen when—or if—Apple will release further patches for iOS 16 or iPadOS 16 for these devices. Apple’s most recent update for these operating systems was just over a month ago, on October 25.

iOS 15 and iPadOS 15 — no updates today

Apple did not released any security patches for iOS 15 or iPadOS 15 today, either. As the two-versions-old mobile operating systems, both receive only minimal patches, if any, at this point.

Many devices such as iPhone 6S, iPhone SE (1st generation), iPhone 7, and iPads of a similar vintage, are only able to run version 15 of their respective operating systems. Therefore, they presumably remain vulnerable to both of the actively exploited WebKit vulnerabilities as of today. It remains to be seen when—or if—Apple will release further patches for iOS 15 or iPadOS 15 for these devices. Apple’s most recent update for these operating systems was just over a month ago, on October 25.

To reiterate, Apple does not patch all applicable security vulnerabilities for previous operating system versions, such as iOS 15. If your device cannot be upgraded to iOS 17, it’s best to buy newer hardware.

iOS 12 — no updates since January

It has been nearly 10 months since Apple last released a security update for older devices stuck on iOS 12. The most recent, and probably final, security update for iOS 12 was released in January 2023, and it only patched a single vulnerability.

Again, users whose devices are incapable of upgrading to iOS or iPadOS 17 should consider buying newer hardware that supports the current, and fully patched, operating systems.

watchOS 10 — no updates today

watchOS 9 — no updates since September

Likewise, there wasn’t a watchOS 9 update today, either.

It remains to be seen whether Apple will continue patching watchOS 9. Every Apple Watch model that was compatible with watchOS 9 (namely, Series 4 and later) is also compatible with watchOS 10, so there’s little reason for Apple to patch watchOS 9 anymore.

watchOS 8 — no updates since June

All Apple Watch models older than the Series 4 should be considered perpetually vulnerable, and unsafe to use.

tvOS 17 — no updates today

How to install Apple security updates

It is recommended to update as soon as you can.

If you haven’t yet upgraded to macOS Sonoma, be sure to first update your critical software. For example, run Intego’s NetUpdate utility and install all available updates, and then check for updates for all other software that you use regularly. Next, check for macOS updates by going to System Settings > General > Software Update.

If you have any trouble getting the macOS update to show up, either press ⌘R at the Software Update screen, or type in the Terminal softwareupdate -l (that’s a lowercase L) and press Return/Enter, then check System Settings > General > Software Update again.

Note that only the latest macOS version (currently, that’s macOS Sonoma) is ever fully patched; older macOS versions only get a subsection of those patches and remain vulnerable. Therefore, staying on the latest macOS version is critically important for maintaining your security and privacy. For more information, see our article, “When does an old Mac become unsafe to use?”

Users of iPhone or iPad can go to Settings > General > Software Update to update iOS or iPadOS on their devices. (This is called an “over the air” or OTA update.) Alternatively, you can connect your device to your Mac, click on the device name in a Finder window sidebar, and check for updates there.

To update watchOS on your Apple Watch, the process is a bit more complicated. First, update your iPhone to the latest operating system it can support (ideally the latest version of iOS 17). Next, ensure that both your iPhone and Apple Watch are on the same Wi-Fi network. Your Apple Watch also needs to have at least a 50% charge. Then open the Watch app on your iPhone and tap General > Software Update.

Whenever you’re preparing to update macOS, iOS, or iPadOS, it’s a good idea to always back up your data before installing any updates. This gives you a restore point if something does not go as planned. See our related article on how to check your macOS backups to ensure they work correctly.

How to Verify Your Backups are Working Properly

See also our article on how to back up your iPhone or iPad to iCloud and to your Mac.

Should you back up your iPhone to iCloud or your Mac? Here’s how to do both

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.