Apple issues urgent security fixes for iPhones, iPads and Macs — update now

A blue iPhone 13 held in front of green foliage
(Image credit: Tom's Guide)

Update: Apple has released a new crucial security patch, fixing a WebKit flaw in iPhone and iPads

If you've got an Apple device, update its operating system now.

Apple this week pushed out updates for iPhones, iPads, Macs, Apple TV devices and Apple Watches. One flaw under active attack was patched in macOS, iOS/iPadOS 14, watchOS and tvOS, although it had already been fixed in iOS 15 and iPadOS 15.

Many of the security vulnerabilities being fixed are quite serious, and you can bet hackers and other miscreants are already trying to exploit them, so don't sit on these updates.

How to update an iPhone, Mac or iPad

On iPhones and iPads, you can install the updates by going to Settings > General > Software Update. If you're still on iOS 14, you'll also see an option to upgrade to iOS 15, but you don't have to take it — more on that below.

On a Mac, you should see a notification that a software update is available. If not, then click the Apple icon in the top left of the screen to open the main menu, click System Preferences and then Software Update. 

If you check off the box labeled "Automatically keep my Mac up to date," then you won't need to worry about any of this.

Which devices get which patches

Here's which Apple devices should be upgraded to what:

  • iPhone: iOS 15.1 or iOS 14.8.1
  • iPad: iPadOS 15.1 or iPadOS 14.8.1
  • Mac: macOS Monterey 12.0.1 or Big Sur 11.6.1. Macs running macOS 10.15 Catalina should install security update 2021-007
  • Apple Watch: watchOS 8.1
  • Apple TV: tvOS 15.1

Dozens of security vulnerabilities

Even Apple's just-released macOS upgrade, Monterey, got a day-one upgrade to version 12.0.1  to fix nearly 40 security issues. 

Among them were two concerning gameplay data and reported earlier this year by Russian researcher Denis Tokarev, who called out Apple last month for ignoring those issues as well as two others.

Surprisingly, those flaws were not patched in an upgrade to macOS Big Sur, which saw about 20 flaws fixes and brings the previous Mac OS to version 11.6.1. Nor were they fixed in a security update for macOS Catalina, which also saw about 20 fixes but didn't get a new version number.

One flaw being attacked by hackers

The flaws already under active attack received the catalog number CVE-2021-30883 and involves a memory-corruption issue that could lead to "arbitrary code execution" — that's hacking to you and me — with kernel privileges, the highest level of system power. 

It's not clear how this is being exploited or by whom. Nor is it clear why this flaw was patched on Oct. 11 with iOS 15.0.2 and iPadOS 15.0.2 but not on Apple's other operating systems until this week.

Many of the other flaws also allow arbitrary code execution if the device opens a poisonous website, PDF or image file. Some also involve kernel privileges, which get right at the gut of Apple's closely related operating systems. Others involve escalating privileges, wherein a user or process with limited abilities gains greater powers.

Do older Apple devices get fixes?

Apple's unstated but long-practiced policy is to provide fixes for the current Mac operating system (now Monterey) as well as the two previous ones (now Big Sur and Catalina). That probably means macOS 10.14 Mojave won't get any more security updates — the most recent one it got was in July.

However, Apple is making good on its newly-announced policy of providing security updates for iOS 14, the predecessor to iOS 15. Both iPhone operating systems, as well as their iPad counterparts, get security patches.

But as with the Mac patches, the older operating systems don't get all the fixins. The iOS 15 and iPadOS 15 update to version 15.1  patches 22 flaws, the iOS 14 and iPadOS 14 one to version 14.8.1 only 12. It's possible that some of the flaws left out are unique to iOS 15; after all, two patched iOS 14 flaws appear to be restricted to that OS.

The three-year-old iOS 12, which got a security patch a month ago, didn't receive one this week. Apple has been unofficially supporting iOS 12 long past its sell-by date because many devices — including the iPhone 5, iPhone 6 and 6 Plus, iPad minis 2 and 3 and first-generation iPad Air — can't upgrade to iOS 13 or later. We'll see whether Apple sneaks out a patch for iOS 12 in the coming weeks.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.