Security News > 2022 > October > Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!
The "Clear-and-present danger" prize goes to iOS and iPadOS, which get updated to version 16.1 and 16 respectively, where one of the listed security vulnerabilites allows kernel code execution from any app, and is already actively being exploited.
As you might have assumed, given that the release of Ventura takes macOS to version 13, three-versions-ago macOS 10 Catalina doesn't appear in the list this time.
Apple typically provides security updates only for the previous and pre-previous versions of macOS, and that's how the patches played out here, with patches to take macOS 11 Big Sur to version 11.7.1, and macOS 12 Monterey to version 12.6.1.
If you aren't on Ventura but intend to upgrade right away, your first experience of the new version will automatically include the 112 CVE patches mentioned above, so the version upgrade will automatically include the needed security updates.
If you're planning on sticking with the previous or pre-previous macOS version for a while yet, don't forget that you need two updates: one specific to Big Sur or Monterey, and the other an update for Safari that's the same for both operating system flavours.
On iOS or iPad OS, urgently use Settings > General > Software Update On macOS, use Apple menu > About this Mac > Software Update macOS 13 Ventura Beta users should update immediately to the full release.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)