Update: Apple has released a new crucial security patch, fixing a WebKit flaw in iPhone and iPads
If you've got an Apple device, update its operating system now.
Apple this week pushed out updates (opens in new tab) for iPhones, iPads, Macs, Apple TV devices and Apple Watches. One flaw under active attack was patched in macOS, iOS/iPadOS 14, watchOS and tvOS, although it had already been fixed (opens in new tab) in iOS 15 and iPadOS 15.
- Powerful Mac malware can install anything — what you need to do
- The best Mac antivirus programs
- Read next: Cricket Wireless just dropped the worst thing about its cell phone plans
Many of the security vulnerabilities being fixed are quite serious, and you can bet hackers and other miscreants are already trying to exploit them, so don't sit on these updates.
How to update an iPhone, Mac or iPad
On iPhones and iPads, you can install the updates by going to Settings > General > Software Update. If you're still on iOS 14, you'll also see an option to upgrade to iOS 15, but you don't have to take it — more on that below.
On a Mac, you should see a notification that a software update is available. If not, then click the Apple icon in the top left of the screen to open the main menu, click System Preferences and then Software Update.
If you check off the box labeled "Automatically keep my Mac up to date," then you won't need to worry about any of this.
Which devices get which patches
Here's which Apple devices should be upgraded to what:
- iPhone: iOS 15.1 or iOS 14.8.1
- iPad: iPadOS 15.1 or iPadOS 14.8.1
- Mac: macOS Monterey 12.0.1 or Big Sur 11.6.1. Macs running macOS 10.15 Catalina should install security update 2021-007
- Apple Watch: watchOS 8.1
- Apple TV: tvOS 15.1
Dozens of security vulnerabilities
Even Apple's just-released macOS upgrade, Monterey, got a day-one upgrade to version 12.0.1 (opens in new tab) to fix nearly 40 security issues.
Among them were two concerning gameplay data and reported earlier this year by Russian researcher Denis Tokarev, who called out Apple last month for ignoring those issues as well as two others.
Surprisingly, those flaws were not patched in an upgrade to macOS Big Sur, which saw about 20 flaws fixes and brings the previous Mac OS to version 11.6.1 (opens in new tab). Nor were they fixed in a security update for macOS Catalina (opens in new tab), which also saw about 20 fixes but didn't get a new version number.
One flaw being attacked by hackers
The flaws already under active attack received the catalog number CVE-2021-30883 and involves a memory-corruption issue that could lead to "arbitrary code execution" — that's hacking to you and me — with kernel privileges, the highest level of system power.
It's not clear how this is being exploited or by whom. Nor is it clear why this flaw was patched on Oct. 11 with iOS 15.0.2 and iPadOS 15.0.2 but not on Apple's other operating systems until this week.
Many of the other flaws also allow arbitrary code execution if the device opens a poisonous website, PDF or image file. Some also involve kernel privileges, which get right at the gut of Apple's closely related operating systems. Others involve escalating privileges, wherein a user or process with limited abilities gains greater powers.
Do older Apple devices get fixes?
Apple's unstated but long-practiced policy is to provide fixes for the current Mac operating system (now Monterey) as well as the two previous ones (now Big Sur and Catalina). That probably means macOS 10.14 Mojave won't get any more security updates — the most recent one it got was in July.
However, Apple is making good on its newly-announced policy of providing security updates for iOS 14, the predecessor to iOS 15. Both iPhone operating systems, as well as their iPad counterparts, get security patches.
But as with the Mac patches, the older operating systems don't get all the fixins. The iOS 15 and iPadOS 15 update to version 15.1 (opens in new tab) patches 22 flaws, the iOS 14 and iPadOS 14 one to version 14.8.1 (opens in new tab) only 12. It's possible that some of the flaws left out are unique to iOS 15; after all, two patched iOS 14 flaws appear to be restricted to that OS.
The three-year-old iOS 12, which got a security patch a month ago (opens in new tab), didn't receive one this week. Apple has been unofficially supporting iOS 12 long past its sell-by date because many devices — including the iPhone 5, iPhone 6 and 6 Plus, iPad minis 2 and 3 and first-generation iPad Air — can't upgrade to iOS 13 or later. We'll see whether Apple sneaks out a patch for iOS 12 in the coming weeks.