Apple releases last week’s security patches for older iPhones, iPads, and Macs

April 10, 2023:

iPhones running iOS 15.
Enlarge / iPhones running iOS 15.

Apple

Last week, Apple released iOS and iPadOS 16.4.1 and macOS Ventura 13.3.1 to patch two actively exploited security vulnerabilities and fix other small bugs. Today it’s following those up with iOS and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 to patch those same vulnerabilities in older devices that are still receiving software updates but aren’t capable of running the newest OSes.

Mac owners will also want to install last week’s Safari 16.4.1 update. Safari is still updated separately from the rest of the OS on Macs, so the Safari update plugs one of the security holes (CVE-2023-28205, a WebKit arbitrary code execution vulnerability), and the macOS update patches the other (CVE-2023-28206, a graphics-related bug that can allow arbitrary code execution with kernel privileges).

You’ll be able to install the Mac updates on any Mac that’s running Big Sur or Monterey, even if the hardware is capable of upgrading to Ventura. Apple is only providing iOS and iPadOS 15 updates to older devices that can’t run version 16. That list of old devices includes models like the iPhone 6S and 7, the original iPhone SE, the last iPod Touch, and the iPad Air 2 that Apple sold for several years in the mid-2010s.

Apple has always provided at least a couple of years of security updates to older macOS versions, and in recent years the company has been extending the same courtesy to older iPhones and iPads. Releasing today’s security updates several days after patching the same security holes in newer OSes isn’t ideal—in theory, it could leave additional time for attackers to target those specific OS versions—but at least all currently supported operating systems can now be secured.

In other cases, Apple has left a much larger gap between updates for new and older OSes, and occasionally security holes in old but still supported OSes don’t get patched at all.

Source link