Security News

The most recent iPhone update-to version 16.1.2-patches a zero-day vulnerability that "May have been actively exploited against versions of iOS released before iOS 15.1.". Apple said security researchers at Google's Threat Analysis Group, which investigates nation state-backed spyware, hacking and cyberattacks, discovered and reported the WebKit bug.

In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. In October, Apple fixed a zero-day in the iOS Kernel.

In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones.The vulnerability was disclosed in security bulletins released today for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1, with Apple warning that the flaw "May have been actively exploited" against previous versions.

In brief Apple has patched an iOS and iPad OS vulnerability that's already been exploited. Apple issued patches for iOS 16.1 and iPad OS 16, to address this and 19 other vulnerabilities.

Why did a single security bulletin describe updates dubbed iOS 16.1 and iPadOS 16? We know that iPadOS 16 was delayed, so did this recent update mean that iPadOS was now getting patched only to the same security level as iOS 16, which came out more than a month ago, while iOS advanced to 16.1, thus leaving iPadOS more than five weeks adrift in cybersecurity terms? Why did iPadOS 16 ultimately report itself as version 16.1? After updating, the About screen apparently says iPadOS 16, like the security bulletin did, while the iPadOS Version screen explicitly says 16.1. It sounds as though iPhones and iPads now not only both support "The version family known as 16", but also both have the very latest security fixes, so why not simply call both of them version 16.1 everywhere for clarity, including in the security bulletin and on the About screen? Where did macOS 10 Catalina go? Traditionally, Apple drops support for macOS version X-3 when version X comes out, but is that the actual explanation of why macOS 11 Big Sur and macOS 12 Monterey got updates while Catalina didn't? What happened to iOS/iPadOS 15.7.1? When iOS 16 came out in September 2022, the previous version family received critical updates as well, taking it to version 15.7.

Apple has released new security updates to backport patches released earlier this week to older iPhones and iPads, addressing an actively exploited zero-day bug. Apple addressed the zero-day vulnerability in iOS 15.7.1 and iPadOS 15.7.1 today with improved bounds checking.

In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. As Apple explains, if successfully exploited in attacks, this zero-day could have been used by potential attackers to execute arbitrary code with kernel privileges.

We use Apple's Mail app all day, every day for handling work and personal email, including a plentiful supply of very welcome Naked Security comments, questions, article ideas, typo reports, podcast suggestions and much more. We've always found the Mail app to be a very useful workhorse that suits us well: it's not especially fancy; it's not full of features we never use; it's visually simple; and, it's been doggedly reliable.

Apple has pushed out five security fixes including including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited. The vendor said it fixed the flaw with improved bounds checks and has released patches for iPhone 6 and later, iPad Pro, iPad Air 2 and later, and iPad 5, iPad mini 4, and iPod touch models and all newer kit.

Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year. In security advisories issued on Monday, Apple revealed they're aware of reports saying this security flaw "May have been actively exploited."