Apple releases macOS Sonoma 14.2, iOS 17.2, and more, with security updates

What Apple didn’t mention: patched and unpatched

In macOS Sonoma 14.2, Apple updated curl to version 8.4.0 to address several vulnerabilities. (Intego published an exclusive report about macOS Sonoma’s curl vulnerabilities in November.) Interestingly, Apple did not mention this fact in its security release notes.

However, macOS Sonoma is still missing a number of major security patches. Intego has discovered that several other critical-severity vulnerabilities, including one that has been actively exploited in the wild, appear to remain unpatched in macOS Sonoma 14.2.

macOS Ventura 13.6.3

Available for:
All supported Macs currently running macOS Ventura

Security-related fixes and updates:
Apple addressed at least 17 vulnerabilities in macOS Ventura 13.6.3. Each one was also addressed in the macOS Sonoma update. Enterprise users did receive the following improvement through the previous 13.6.2 update, which was not covered by us as it contained no security-related content:

MacBook Pro 14-inch and 16-inch computers with Apple silicon no longer start up to a black screen or circled exclamation point after the built-in display’s default refresh rate is changed.

For the full list of security patches included in Ventura 13.6.3, have a look here.

You can get this update by going to System Settings > Software Update.

macOS Monterey 12.7.2

Available for:
All supported Macs currently running macOS Monterey

Security-related fixes and updates:
Apple addressed at least 15 vulnerabilities in this update. Each one was also addressed in the macOS Sonoma and Ventura updates.

You can get this update by going to System Preferences > Software Update.

Safari 17.2 for macOS Ventura and Monterey

Available for:
macOS Ventura and macOS Monterey

This update addresses two WebKit issues (CVE-2023-42883 and CVE-2023-42890), both of which Apple addressed in the macOS Sonoma 14.2 update.

iOS 17.2 and iPadOS 17.2

Available for:
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Update information:

This release also includes Action button and Camera enhancements, as well as other features, bug fixes, and security updates for your iPhone.

About Journal:

• Journal is a new app that lets you write about the small moments and big events in your life so you can practice gratitude and improve your wellbeing
• Journaling suggestions make it easy to remember your experiences by intelligently grouping your outings, photos, workouts, and more into moments you can add to your journal
• Filters let you quickly find bookmarked entries or show entries with attachments so you can revisit and reflect on key moments in your life
• Scheduled notifications help you keep a consistent journaling practice by reminding you to write on the days and time you choose
• Option to lock your journal using Touch ID or Face ID
• iCloud sync keeps your journal entries safe and encrypted on iCloud

Enterprise:

• Introduced a key, allowLiveVoicemail, to allow enabling or disabling of Live Voicemail via MDM.
• Devices no longer fail to complete extensible SSO authentication that requires multiple steps.
• Passcode policy wipe will no longer delete configured eSIM(s) when the new forcePreserveESIMOnErase key is set to True.
• The global proxy profile no longer causes AirDrop discovery requests to time out.
• Resolved an issue where sharingd crashes caused excessive cellular and Wi-Fi data use.
• Exchange calendars are now shown as an option in default Calendar settings.
• Devices are now able to locate AirPrint printers outside of the .local domain.

Bug fixes and improvements:

• Siri support for privately accessing and logging Health app data using your voice
• AirDrop improvements including expanded contact sharing options and the ability to share boarding passes, movie tickets, and other eligible passes by bringing two iPhones together
• Favorite Songs Playlist in Apple Music lets you quickly get back to the songs you mark as favorites
• Use Listening History in Apple Music can be disabled in a Focus so music you listen to does not appear in Recently Played or influence your recommendations
• A new Digital Clock Widget lets you quickly catch a glimpse of the time on your Home Screen and while in StandBy
• Enhanced AutoFill identifies fields in PDFs and other forms enabling you to populate them with information such as names and addresses from your contacts
• New keyboard layouts provide support for 8 Sámi languages
• Sensitive Content Warning for stickers in Messages prevents you from being unexpectedly shown a sticker containing nudity
• Qi2 charger support for all iPhone 13 models and iPhone 14 models
• Fixes an issue that may prevent wireless charging in certain vehicles

Security-related fixes and updates:
Apple addressed at least 12 vulnerabilities in this update, most of which we covered in the macOS updates.

The full list of security issues that Apple addressed can be found here. To get your hands on this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

iOS 16.7.3 and iPadOS 16.7.3

Available for:
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Security-related fixes and updates:
Apple addressed at least 8 vulnerabilities in this update, most of which we covered in the previously mentioned OS updates.

watchOS 10.2

Available for:
Apple Watch Series 4 and later

Update information:

watchOS 10.2 includes new features, improvements, and bug fixes, including:

• Access and log Health app data with Siri (Available on Apple Watch Series 9 and Apple Watch Ultra 2)
• Automatically view Now Playing when in proximity of HomePod (2nd generation) or HomePod mini playing media from Music or Podcasts (Available on Apple Watch Series 6 and later and Apple Watch Ultra)
• Enable the ability to swipe to change watch faces in Settings
• Enable the ability to confirm ending workouts in Settings
• Prioritize the volume of either the music or trainers’ voices in most Fitness+ workouts
• Resolves an issue that can cause watch faces added in the Watch app on iPhone to not appear on Apple Watch

Security-related fixes and updates:
Apple addressed at least 9 vulnerabilities in this update, most of which we covered in the previously mentioned OS updates.

tvOS 17.2

Available for:
Apple TV HD and Apple TV 4K (all models)

Update information:

This update enhances the FaceTime, Fitness, and Apple TV apps, streamlines voice search in supported apps, adds new support for Siri, and includes performance and stability improvements.

• Apple TV app
  • The new sidebar makes it easier to navigate and find something great to watch.
  • All your subscribed channels and connected apps can now be found under Channels & Apps in the sidebar and in Home.
  • iTunes movies and shows have moved to the Apple TV app. Buy and rent from the Store, and find your purchases in the Library.
  • Watch Now is now called Home, where you can browse movies and TV shows.
• FaceTime
  • Ability to answer calls directly on your Apple TV 4K.
  • Support for FaceTime audio calls on Apple TV 4K.
  • Calls can now move from your Apple TV 4K to your iPhone or iPad.
• SharePlay — Dolby Atmos and Dolby Digital surround sound formats are now available while watching something together with SharePlay.
• Apple Fitness+ — Audio focus lets you choose to hear more of what motivates your workout, whether it’s the trainer’s voice or the music.
• Voice Search — Onscreen search can start from anywhere inside supported apps like TV and Music. Press the Siri button to dictate a search.
• Siri — Now includes language support for Arabic in Saudi Arabia and United Arab Emirates, Malay in Malaysia, and Turkish in Türkiye to help you find shows, music, and more using just your voice.

Security-related fixes and updates:
Apple addressed at least 8 vulnerabilities in this update, most of which we covered in the previously mentioned OS updates.

audioOS 17.2

However, according to the Mr. Macintosh blog, which keeps track of OS version numbers, the audioOS build number always matches that of tvOS, which seems to imply that the HomePod runs essentially the same operating system as the Apple TV.

HomePod updates are generally not urgent, and they are supposed to install automatically. However, if you would like to update your HomePod or HomePod mini’s operating system manually, you can go into the Home app on your iPhone or iPad, then tap the House icon > Home Settings > Software Update > temporarily disable (toggle off) Install Updates Automatically > then tap Install. After updating, remember to re-enable the Install Updates Automatically setting.

What Apple didn’t patch

iOS 15 and iPadOS 15 — no updates since October

Apple did not release any security patches for iOS 15 or iPadOS 15 today, either. As the two-versions-old mobile operating systems, both receive only minimal patches, if any, at this point.

Many devices such as iPhone 6S, iPhone SE (1st generation), iPhone 7, and iPads of a similar vintage, are only able to run version 15 of their respective operating systems. Therefore, they presumably remain vulnerable to both of the actively exploited WebKit vulnerabilities as of today. It remains to be seen when—or if—Apple will release further patches for iOS 15 or iPadOS 15 for these devices. Apple’s most recent update for these operating systems was just over a month ago, on October 25.

iOS 12 — no updates since January

It has been nearly 11 months since Apple last released a security update for older devices stuck on iOS 12. The most recent, and probably final, security update for iOS 12 was released in January 2023, and it only patched a single vulnerability.

watchOS 9 — no updates since September

Likewise, there wasn’t a watchOS 9 update today, either.

It remains to be seen whether Apple will continue patching watchOS 9. Every Apple Watch model that was compatible with watchOS 9 (namely, Series 4 and later) is also compatible with watchOS 10, so there’s little reason for Apple to patch watchOS 9 anymore.

watchOS 8 — no updates since June

Unsurprisingly, watchOS 8 didn’t get an update, either. The only Apple Watch model that’s stuck with watchOS 8 is the Apple Watch Series 3. Apple sold the Series 3 until March 2023—even after the company had seemingly ceased all updates for watchOS 8. Apple did release a single update, patching a single vulnerability in watchOS 8, in June 2023, but this has been the only vulnerability Apple has patched for the OS from July 2022 to present.

All Apple Watch models older than the Series 4 should be considered perpetually vulnerable, and unsafe to use.

How to install Apple security updates

It is recommended to update as soon as you can.

If you haven’t yet upgraded to macOS Sonoma, be sure to first update your critical software. For example, run Intego’s NetUpdate utility and install all available updates, and then check for updates for all other software that you use regularly. Next, check for macOS updates by going to System Settings > General > Software Update.

If you have any trouble getting the macOS update to show up, either press ⌘R at the Software Update screen, or type in the Terminal softwareupdate -l (that’s a lowercase L) and press Return/Enter, then check System Settings > General > Software Update again.

Note that only the latest macOS version (currently, that’s macOS Sonoma) is ever fully patched; older macOS versions only get a subsection of those patches and remain vulnerable. Therefore, staying on the latest macOS version is critically important for maintaining your security and privacy. For more information, see our article, “When does an old Mac become unsafe to use?”

Users of iPhone or iPad can go to Settings > General > Software Update to update iOS or iPadOS on their devices. (This is called an “over the air” or OTA update.) Alternatively, you can connect your device to your Mac, click on the device name in a Finder window sidebar, and check for updates there.

To update watchOS on your Apple Watch, the process is a bit more complicated. First, update your iPhone to the latest operating system it can support (ideally the latest version of iOS 17). Next, ensure that both your iPhone and Apple Watch are on the same Wi-Fi network. Your Apple Watch also needs to have at least a 50% charge. Then open the Watch app on your iPhone and tap General > Software Update.

Whenever you’re preparing to update macOS, iOS, or iPadOS, it’s a good idea to always back up your data before installing any updates. This gives you a restore point if something does not go as planned. See our related article on how to check your macOS backups to ensure they work correctly.

How to Verify Your Backups are Working Properly

See also our article on how to back up your iPhone or iPad to iCloud and to your Mac.

Should you back up your iPhone to iCloud or your Mac? Here’s how to do both

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.