Headline
Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.
Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.
To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.
iPadOS update available
Updates are available for:
Safari 18.2
macOS Ventura and macOS Sonoma
iOS 18.2 and iPadOS 18.2
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
iPadOS 17.7.3
iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
macOS Sequoia 15.2
macOS Sequoia
macOS Sonoma 14.7.2
macOS Sonoma
macOS Ventura 13.7.2
macOS Ventura
watchOS 11.2
Apple Watch Series 6 and later
tvOS 18.2
Apple TV HD and Apple TV 4K (all models)
visionOS 2.2
Apple Vision Pro
Technical details
Noteworthy is a vulnerability in the open-source XML parser libexpat tracked as CVE-2024-45490. This vulnerability has been patched in several popular applications since it was discovered in August.
An important one is the vulnerability tracked as CVE-2024-54529 which is found in the Audio component of macOS and could allow an app to execute arbitrary code with kernel privileges. This means that if you install a malicious app that can exploit this vulnerability, it could take over your system.
We don’t just report on phone security—we provide it
Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.
Related news
Red Hat Security Advisory 2024-7599-03 - Red Hat OpenShift Container Platform release 4.16.16 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, integer overflow, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-6754-03 - An update for expat is now available for Red Hat Enterprise Linux 9. Issues addressed include an integer overflow vulnerability.
Debian Linux Security Advisory 5770-1 - Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.
Ubuntu Security Notice 7000-2 - USN-7000-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for Ubuntu 22.04 LTS. Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 7001-2 - USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 7001-1 - Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 7000-1 - Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. Shang-Hung Wan discovered that Expat did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code.