iOS 15.7.5, iPadOS 15.7.5, macOS Monterey 12.6.5 and macOS Big Sur 11.7.6 fix a dangerous vulnerability that Apple says may have been exploited in the wild.
- What’s happening? Apple has launched the new iOS 15.7.5, iPadOS 15.7.5, macOS Monterey 12.6.5 and macOS Big Sur 11.7.6 updates for older devices.
- Why care? The releases fix a vulnerability that has been used by nefarious actors. Updating your devices protects you from this dangerous exploit.
- What to do? Use Apple’s Software Update feature to install the updates.
Apple patches a dangerous vulnerability on older iPhones, iPads and Macs
On April 10, 2023, Apple launched critical software updates for older iPhone, iPad and Mac models to patch an exploit that could permit a rogue app to execute dangerous code with kernel privileges. The company already addressed this problem for newer devices capable of running its latest and greatest operating systems, and now this same fix has been released for older devices.
Here are the updates Apple released today:
- iOS 15.7.5 for the first-generation iPhone SE, all iPhone 6s and iPhone 7 models and the seventh-generation iPod touch.
- iPadOS 15.7.5 for the iPad Air 2 and fourth-generation iPad mini.
- macOS Monterey 12.6.5 for all Macs running any version of macOS Monterey.
- macOS Big Sur 11.7.6 for all Macs running any version of macOS Big Sur.
How to install iOS 15.7.5, iPadOS 15.7.5, macOS Monterey 12.6.5 and macOS Big Sur 11.7.6
You can install these updates using Apple’s Software Update mechanism. To download and install iOS or iPadOS 15.7.5, go to Settings > General > Software Update, then hit Install Now or Download and Install.
To apply the macOS Monterey 12.6.5 or the macOS Big Sur 11.7.6 update, click the Apple menu and choose System Preferences, then click the Software Update icon. When your Mac finishes checking for updates, click the button to download and install macOS Monterey 12.6.5 or macOS Big Sur 11.7.6.
What’s new in iOS 15.7.5, iPadOS 15.7.5, macOS Monterey 12.6.5 and macOS Big Sur 11.7.6?
The updates fix an exploit that could allow an app to execute arbitrary code with kernel privileges. “Apple is aware of a report that this issue may have been actively exploited,” the company notes. It was fixed with improved input validation.
Details are available in Apple’s security documents:
- About the security content of macOS Big Sur 11.7.6
- About the security content of macOS Monterey 12.6.5
- About the security content of iOS 15.7.5 and iPadOS 15.7.5
Aside from the aforementioned fix, iOS 15.7.5 and iPadOS 15.7.5 also include a patch for a WebKit issue (Safari’s rendering engine) where processing maliciously crafted web content could lead to arbitrary code execution.
This issue has also been actively exploited in the wild. Don’t worry, Apple’s patched both vulnerabilities on its other devices with the iOS 16.4.1, iPadOS 16.4.1 and macOS Ventura 13.3.1 software updates. Safari 16.4.1 was separately pushed via Software Update to fix the above WebKit issue on Big Sur and Monterey Macs.
Should I update ASAP?
At the core of macOS, the kernel has complete control over everything in the operating system while interfacing between the software and the hardware. Allowing a rogue app to execute malware code with kernel privileges opens the door to all kinds of nasty security and privacy breaches. That’s why this particular exploit is dangerous and why Apple has bothered to release a fix for older devices.
Yes, you should update as soon as possible!