Introduction
On October 29, 2024 [4] [6], Apple released critical security updates for its operating systems [6], including iOS 18.1 [3] [6], iPadOS 18.1 [1] [3] [4] [6], and macOS 15.1 [1] [3] [6]. These updates addressed 77 vulnerabilities across various services, enhancing the security of Apple devices.
Description
On October 29, 2024 [4] [6], Apple released significant security updates alongside new operating system versions [6], including iOS 18.1 [3] [6], iPadOS 18.1 [1] [3] [4] [6], and macOS 15.1 [1] [3] [6], addressing a total of 77 critical vulnerabilities across its services and operating systems [2]. The updates resolved 27 vulnerabilities on iPhone and iPad [1], including a Kernel issue (CVE-2024-44239) that could allow an app to leak sensitive kernel state [4], and two WebKit flaws: CVE-2024-44261 [4], which could enable an attacker to view restricted content from the lock screen [4], and CVE-2024-44244 [4], which could prevent the enforcement of Content Security Policy when downloading malicious web content [4]. Additionally, the update fixed an App Support issue (CVE-2024-44255) that could let a malicious app execute arbitrary shortcuts without user consent [4], as well as three privacy-related bugs in Siri that could expose sensitive data [4], including contact photos [6].
On macOS [1] [6], the update addressed 50 vulnerabilities [1] [3] [5], some of which could allow unauthorized access to contact information, sensitive location data via Find My [6], and enable denial-of-service attacks from malicious images [6]. Notably, physical access to a Mac during a software update could allow an attacker to bypass the Login Window [6], and Safari’s Private Browsing mode may leak browsing history [6]. The update also includes notable vulnerabilities such as CVE-2024-44274, which affects Accessibility and allows an attacker with physical access to a locked device to view sensitive user information [3]. This issue is resolved in iOS 17.7.1 [3], iPadOS 17.7.1 [1] [3] [4] [6], watchOS 11.1 [3] [6], iOS 18.1 [1] [3] [4] [6], and iPadOS 18.1 through enhanced authentication measures [3]. Another significant fix is for CVE-2024-44282, a vulnerability in Foundation that could lead to the disclosure of user information when parsing a file [3], which has been addressed in tvOS 18.1, iOS 18.1 [1] [3] [4] [6], iPadOS 18.1 [1] [3] [4] [6], iOS 17.7.1 [3] [4] [6], iPadOS 17.7.1 [1] [3] [4] [6], macOS Ventura 13.7.1 [3] [6], macOS Sonoma 14.7.1 [3] [6], watchOS 11.1 [3] [6], and visionOS 2.1 through improved input validation [3]. Furthermore, CVE-2024-40867 [3] [4], a vulnerability in iTunes related to custom URL scheme handling that could allow an attacker to escape the Web Content sandbox [3], is also fixed in iOS 18.1 and iPadOS 18.1 with enhanced input validation.
Apple also released iOS 17.7.1 [4], which includes many of the same security fixes but is less comprehensive than iOS 18.1 [4]. This update is recommended for users with older devices to enhance security, although the likelihood of exploitation of these vulnerabilities is considered low [4], and none of the vulnerabilities are classified as zero-days [6], with no known active exploits currently in the wild. Users and administrators are strongly encouraged to review advisories and apply the necessary updates [5], as keeping software up to date is crucial for maintaining the security of their Apple products and mitigating risks from these vulnerabilities. Users can update their devices promptly by navigating to Settings > General > Software Update [3], and it is advisable to enable Automatic Updates to ensure ongoing protection against cybersecurity risks.
Conclusion
The recent security updates from Apple significantly enhance the protection of its devices by addressing numerous vulnerabilities. While the risk of exploitation is currently low, it is imperative for users to apply these updates promptly to safeguard their devices. By enabling automatic updates [3], users can ensure continuous protection against potential cybersecurity threats, thereby maintaining the integrity and security of their Apple products.
References
[1] https://lifehacker.com/tech/apple-latest-updates-include-dozens-of-security-patches-for-iphone-and
[2] https://www.infosecurity-magazine.com/news/apple-security-update-macos-ios/
[3] https://www.malwarebytes.com/blog/news/2024/10/update-your-iphone-mac-watch-apple-issues-patches-for-several-vulnerabilities
[4] https://www.forbes.com/sites/kateoflahertyuk/2024/10/29/ios-181-new-update-warning-issued-to-all-iphone-users/
[5] https://www.cisa.gov/news-events/alerts/2024/10/29/apple-releases-security-updates-multiple-products
[6] https://au.lifehacker.com/apple/111737/news/apples-latest-updates-include-more-than-75-security-patches-for-iphone-and-mac