Apple pushed out multiple security updates this week for iPhones, MacBooks, and other devices that use either iOS or MacOS, leading a federal agency to advise people to apply them.
Another more serious issue that was filed in the update had allowed a “remote attacker” to cause an “unexpected app termination or arbitrary code execution,” according to Apple.
Apple also sent out security patches for several bugs to its kernel that may allow attackers to use memory mappings to leak sensitive kernel state information, it said.
For the MacOS updates, Apple also released security fixes for the IOMobileFrameBuffer that can allow arbitrary code execution, according to its release notes.
Apple has long said that it will not release details of the security fixes and again reiterated its stance this week.
It’s not clear whether any of the security flaws were being actively exploited.
The latest series of Apple updates prompted the U.S. Cybersecurity and Infrastructure Agency (CISA) to advise users and administrators on Dec. 12 to review Apple’s “advisories and apply necessary updates.”
“Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system,” CISA said in its statement.
“Apple is aware of a report that this issue may have been actively exploited on Intel-based Macs,” the company wrote at the time.
How to Update
For iPhone or iPad users who do not have their devices set to automatically update, tap the “Settings” app, select “General Software Update” if the update is available, and tap “Download and Install.” For those who want the update to occur overnight, tap “Update Tonight” and follow any additional prompts.For MacOS users, open the “Apple” menu, select “System Settings,” click “General” on the sidebar, and click “Software Update” on the right of the screen if an update is available.
