After releasing iOS 17.4 on Tuesday with new emoji and massive App Store changes in the EU, Apple on Thursday sent out updates for the rest of its operating systems, including macOS 14.4, watchOS 10.4 and visionOS 1.1, the first major update for Apple’s new Vision Pro headset. Among the usual bug fixes and improvements, including new emoji for your Mac, improvements to Persona and EyeSight on Vision Pro, and a new Double Tap feature on Apple Watch, the updates include fixes for a mountain of safety concerns, at least two of which have been exploited in the wild.
All told, the updates include over 75 unique security updates affecting every corner of the Apple ecosystem. Here are the important statistics you need to know:
macOS Sonoma 14.4
Security updates: 64
Notable fixes: Airport (CVE-2024-23227), Dock (CVE-2024-23244), Safari private navigation (CVE-2024-23273)
macOS Monterey 12.7.4/macOS Ventura 13.6.5
Security updates: 25
Notable fixes: Intel Graphics Driver (CVE-2024-23234), Notes (CVE-2024-23283), Shortcuts (CVE-2024-23204)
watchOS 10.4
Security updates: 24
Notable fixes: Messages (CVE-2024-23287), Sandbox (CVE-2024-23290), Siri (CVE-2024-23293)
tvOS 17.4
Security updates: 24
Notable fixes: CoreBluetooth – LE (CVE-2024-23250), Image Processing (CVE-2024-23270), UIKit (CVE-2024-23246)
visionOS 1.1
Security updates: 16
Notable fixes: Accessibility (CVE-2024-23262), Persona (CVE-2024-23295), WebKit (CVE-2024-23263)
iOS 17.4 and iPadOS 17.4
Security updates: 40
Notable fixes: Bluetooth (CVE-2024-23277), Photos (CVE-2024-23255), Synapse (CVE-2024-23242)
iOS 16.7.6 and iPadOS 16.7.6
Security updates: 18
Notable fixes: CoreCrypto (CVE-2024-23218), Metal (CVE-2024-23264), Safari (CVE-2024-23259)
Apple also fixed a zero-day flaw on all of its devices affecting Kernel and RTKit that could have been exploited in the wild:
Core
- Impact: An attacker with arbitrary kernel read and write capabilities may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
- Description: A memory corruption issue has been resolved with improved validation.
- CVE-2024-23225
RTKit
- Impact: An attacker with arbitrary kernel read and write capabilities may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
- Description: A memory corruption issue has been resolved with improved validation.
- CVE-2024-23296
To update your Apple device, go to the Settings app (or System Settings on a Mac) and search for General. Then select Software update and follow the instructions.
Table of Contents
