patch now —

New macOS 12.5.1 and iOS 15.6.1 updates patch “actively exploited” vulnerabilities [Updated]

Kernel and WebKit bugs can allow arbitrary code execution on Apple's devices.

Update, Aug. 18, 3:45 p.m.: Apple has released the Safari 15.6.1 update for macOS Big Sur and Catalina to patch the WebKit vulnerability it fixed in macOS Monterey yesterday. Still no word on whether the kernel vulnerability is present in either of these older operating systems, but we'll update if Apple responds to our query.

Original story: Apple has released a trio of operating system updates to patch security vulnerabilities that it says "may have been actively exploited." The macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 updates are available for download now and should be installed as soon as possible.

The three updates all fix the same pair of bugs. One, labeled CVE-2022-32894, is a kernel vulnerability that can allow apps "to execute arbitrary code with kernel privileges." The other, CVE-2022-32893, is a WebKit bug that allows for arbitrary code execution via "maliciously crafted web content." Both discoveries are attributed to an anonymous security researcher. WebKit is used in the Safari browser as well as in apps like Mail that use Apple's WebViews to render and display content.

Apple didn't release equivalent security patches for macOS Catalina or Big Sur, two older versions of macOS that are still receiving regular security updates. We've contacted Apple to see whether it plans to release these patches for these older OSes, or if they aren't affected by the bugs and don't need to be patched.

Apple's software release notes for the updates don't reference any other fixes or features. Apple is actively developing iOS 16, iPadOS 16, and macOS Ventura, and those updates are due out later this fall.
