What just happened? Apple has released a critical security update addressing a CoreMedia vulnerability that could allow attackers to escalate privileges on affected devices. The tech giant confirmed that this bug may have been actively exploited against versions of iOS prior to iOS 17.2, which was released in December 2023. Apple has now fixed the issue across its product line by implementing improved memory management.
The latest update, which includes iOS 18.3, iPadOS 18.3, and macOS Sequoia 15.3, addresses more than 20 additional vulnerabilities. These include a flaw that could allow an attacker with physical access to an unlocked device to open the Photos app even when the iPhone is locked, several AirPlay issues that could permit code execution or app crashes, and two kernel vulnerabilities that could enable malicious apps to gain kernel privileges. The update also includes a handful of WebKit fixes for Safari.
Given the severity and number of security issues addressed, users are strongly advised to update their devices immediately. The security patches extend beyond iOS and macOS, with watchOS 11.3 and tvOS 18.3 also receiving important security fixes.
For users still running macOS Sonoma or Ventura, Apple has released macOS 14.7.3 and macOS Ventura 13.7.3 with corresponding security updates.
Last year, Apple addressed at least seven vulnerabilities that were reported to have been "actively exploited" in the wild, according to TechCrunch. It's worth noting that seven zero-day vulnerabilities fixed by Apple in 2024 represent a significant improvement compared to the previous year. In 2023, Apple had to address a total of 20 zero-day flaws that were exploited in the wild.
In addition to the security updates, the latest macOS Sequoia 15.3 release introduces new features powered by Apple Intelligence. This update marks the third phase of Apple's AI integration, building upon the features introduced in macOS Sequoia 15.2 over six weeks ago. The new update brings Genmoji creation to Messages and other apps, leveraging Apple's AI capabilities.
Also, for the first time, Apple Intelligence is now enabled by default on macOS systems with Apple Silicon processors. This change comes alongside other enhancements and bug fixes for Mac users. The update is available for all Sequoia-compatible Macs.
Information Systems & Computing suggests that administrators of institution-owned systems consider restricting Apple Intelligence using tools such as Jamf. Individual users are advised to carefully consider whether they wish to run beta software on their macOS systems.