Apple plugs serious security holes, no patch for iOS 17
Apple's latest updates close many vulnerabilities in iOS, macOS and iPadOS, including critical ones. There are probably no more patches for iOS 17.
iPhone, Mac and iPad users can update their devices to the latest software version and thus eliminate a long list of security vulnerabilities in the Apple operating systems. Version 18.2 of iOS has been available for iPhones since Wednesday evening , and iPadOS 18.2 for iPads.
Users who are still on iOS 17 should also upgrade now: There are apparently no more patches for the operating system; they remain on version 17.7.2 from November. Apple is already urging users to upgrade to iOS 18.
Version 17.7.3 only for certain iPads – no iPhones
In contrast to iOS 17, there is a fresh version 17.7.3 with security fixes for iPadOS 17. However, this is only intended for iPad model series that cannot be updated to iPadOS 18. These are the iPad Pro 10.5", the second-generation iPad Pro 12.9" and the iPad 6. Version 18 must be installed on all newer iPads in order to receive the latest security-related bug fixes.
Apple has not made a specific update promise for iOS, iPadOS and macOS. Older iOS versions are sometimes also patched when very serious vulnerabilities become known –, but only for hardware that is no longer supported by the newer operating system versions. It should be noted that Apple only closes all known gaps in the very latest versions of its operating systems.
Videos by heise
With macOS, Apple usually continues to provide (some) security updates for the two previous versions of the operating system. Currently, these are macOS 14 Sonoma and macOS 13 Ventura, for both of which patches are available in the form of versions 14.7.2 and 13.7.2. In addition, version 18.2 of the Safari browser is available as a standalone download. watchOS 11.2, tvOS 18.2 and visionOS 2.2 also plug gaps.
Many documented vulnerabilities
According to Apple, iOS 18.2 and iPadOS 18.2 close a good 20 documented security vulnerabilities, while macOS 15.2 closes almost 50. These include vulnerabilities in the kernel and a bug classified as critical in the open-source XML parser library Expat (libexpat), which could potentially allow a remote attacker to inject malicious code, Apple notes in the release notes. In addition, several gaps that allow malicious apps to read sensitive user data are said to have been fixed.
This week, MDM provider Jamf published details of a bug that, under certain conditions, allows a malicious app to exfiltrate data from other apps that use iCloud Drive –, including WhatsApp. Apple apparently fixed this back in September with iOS/iPadOS 18 and macOS 15, but according to the documentation, only in these latest versions of the operating systems.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(lbe)
