Hot off the heals of an entire week ofnew Mac hardware announcements, Apple has switched gears to plug a major security vulnerability found across its operating systems. According to the company, these vulnerabilities are related to its JavaScriptCore and WebKit web engine technologies, which underpin the functioning of internet access.
These patchescome in the form ofmacOS Sequoia15.1.1,iOS 18.1.1, iPadOS 18.1.1, visionOS 2.1.1., andSafari18.1.1. Apple has also gone ahead and pushed out updates to older systems running macOS Sequoia 15.x, iOS 17.x, and iPadOS 17.x.
With regard to the JavaScriptCore vulnerability, Apple says that “processing maliciously crafted web content may lead to arbitrary code execution.” As for the WebKit security flaw, the company says that “processing maliciously crafted web content may lead to a cross site scripting attack.”
In both cases, the companyhas addressed the exploitsvia “improved checks” and “improved state management.” These x.x.1 security patches are now broadly available to all users via over-the-air (OTA) updates.
Apple seems to have finally killed off its Lightning-to-3.5mm adapter
It’s the end of a not so great era.
How serious are these security vulnerabilities?
It’s unclear whether any real-world devices have been compromised
According to Apple, it’s aware that the issue “may have been actively exploited onIntel-based Macsystems.” There’s no word on whether any Apple Silicon-based Macs or any of the company’s mobile devices suffered active exploits, leaving much still up in the air. As is the nature of “zero day” exploits such as these, in which the vulnerability is initially unknown to the software company, information is still sparse while investigations take place.
Interestingly, it appears that it’s Google that initially brought these security weak points to light.
Interestingly, it appears Google initially brought these security weak points to light – the company’sThreat Analysis Group(TAG), which specializes in countering government-backed attacks, identified the threats and reported them to Apple. This is a possible indication that these exploits may have been used by sophisticated bad actors, such as by adversarial government agencies.
Apple’s swift response to these security vulnerabilities is great to see – especially its commitment to patching out the exploits on older devices not running the latest versions of macOS, iOS, and iPadOS. In any case, it’s highly recommended that all Apple users download and install these latest security patches to stay as protected and risk-free as possible.
Pocket-lint has reached out to Apple for comment and will update this story with a response if we receive one.
Apple’s TV set isn’t dead yet
Apple is reportedly still considering releasing its own TV set, but its fate could be determined by its upcoming smart home hub.
