Apple has released updates for iCloud for Windows, Safari, tvOS, watchOS, macOS Monterey, Big Sur, and Ventura, and iOS and iPadOS. The updates for iOS and iPadOS (version 16.2) address more than 30 security issues, including an actively exploited type confusion vulnerability (CVE-2022-42856) in the WebKit browser engine that is being actively exploited. Apple has also released iOS 15.7.2 and iPadOS 15.7.2 to address vulnerabilities for devices that are unable to run iOS 16.
- As usual, Apple updated “everything.” There is a lot of overlap between Apple’s operating systems. In addition to fixing vulnerabilities, Apple added the ability to enable encryption for many iCloud resources, most notably backups. Carefully read the instructions as you enable these features. Once enabled, Apple by design is no longer able to recover your data in case you lose access to your iCloud account.
- This was a busy week for Apple, releasing updates for macOS 11, 12 and 13, Safari 16.2, watchOS 9.2. A couple of weeks ago Apple quietly dropped iOS 16.1.2 and a critical fix to iOS 16.2 beta to address a zero-day: these fixes are included in 16.2 if you didn’t get 16.1.2 deployed. iOS and iPadOS 16.2 allow for more uses of end-to-end encryption with iCloud storage. Push out the updates to iOS/iPadOS quickly so you can have bandwidth for your regression testing for macOS/Safari. The iOS 15 updates work for devices back to the iPhone 6s; these are six- to seven-year-old devices you really need to replace.
Read more in
- Apple security updates
- About the security content of iOS 16.2 and iPadOS 16.2
- About the security content of iOS 15.7.2 and iPadOS 15.7.2
- iOS 16.2: These security updates will protect your iPhone from multiple vulnerabilities
- Only iPhones that can’t run iOS 16 are getting new iOS 15 updates
- Apple Zero-Day Actively Exploited on iPhone 15