On Monday, September 12, Apple released updates to address vulnerabilities in Safari, macOS, iOS, iPadOS, tvOS, and watchOS. Apple notes that it ”is aware of a report that this issue may have been actively exploited.” The vulnerability, which affects iOS and iPadOS, could be exploited to execute arbitrary code with kernel privileges.
- The 11 CVEs are addressed both in iOS/iPadOS 15.7 and iOS 16. iOS 16 is only available for the iPhone 8 or newer at this time, so you may want to push out 15.7 until you’re certain your fleet of devices can all run 16. If you still have devices hanging out on iOS 14, it’s time to move them to at least 15 as iOS 14 support is expected to end with the release of iOS 16. Don’t overlook the updates to watchOS, Safari and macOS. Note that Apple Watch series 4 or later is required for watchOS 9.