iOS 18.6, macOS 15.6 and Co.: Apple plugs numerous security holes

Apple users should install the updates for iOS 18, macOS 15 and the other operating systems released on Wednesday night as soon as possible: Once again, the manufacturer has rolled out lots of fixes for security-related problems. Details have now also been provided in a support document. For example, iOS 18.6 and iPadOS 18.6 alone come with a total of two dozen bug fixes – plus 13 more, which Apple (once again) does not specify, but only gives the respective acknowledgments.

More fixes in macOS than in iOS

Most of the bugs are once again in Apple's browser engine WebKit – There are eight described in detail plus one more that Apple does not specify (interestingly, this comes from the Google V8 Security Team). The WebKit flaws can leak sensitive data, spoof the address bar, corrupt memory and lead to crashes and denial of service attacks. In the area of accessibility, it was discovered that VoiceOver can read out passcodes and under certain circumstances the camera and microphone indicator are not displayed correctly. Errors in CoreAudio, CoreMedia and CoreMedia Playback caused memory errors, crashes and the leaking of certain data. Two errors affect the 3D framework Model I/O, one affects the graphics interface Metal. External content was sometimes loaded in Apple Mail even though the user did not want this.

macOS 15.6 contains significantly more fixes than the mobile operating systems: there are a total of over 80 plus 16 acknowledgments. How this difference compared to iOS and iPadOS came about remained unclear at first. Several of the bugs allow malicious apps to gain root privileges (including in StorageKit, Kernel, PackageKit, AppleMobileFileIntegrity and Core Services). Apple is not naming remote exploits (for now). Bugs of varying severity are also found in the GPU drivers (system crash), Where is? (fingerprinting possibility) and Managed Configuration (lockdown mode could be deactivated). There are also numerous bug fixes for WebKit bugs. Apple did not provide any information on whether bugs are already being exploited – and no corresponding reports are mentioned.

Bug fixes for older operating systems

Apple has now also published information on the fixes in watchOS 11.6, tvOS 18.6 and visionOS 2.6. watchOS and tvOS each fix parts of the gaps that were also fixed in iOS and macOS.

The same applies to visionOS 2.6 – There do not appear to be any "special bugs" here. Apple is also providing updates for macOS Sonoma (14.7.7), macOS Ventura (13.7.7) and iPadOS 17 (17.7.9), which deliver some of the fixes from the other operating systems, but unfortunately not all of them as usual. Information on a single update for Safari (18.6) was not initially available at –. It is also part of macOS 15.6.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(bsc)