Some of the vulnerabilities, Apple warned, may already have been exploited.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also called on users and admins to address the issues quickly.
“Apple has released security updates to address vulnerabilities in multiple products,” CISA said in an overnight alert. “An attacker could exploit some of these vulnerabilities to take control of an affected device.”
The security updates cover the following operating systems:
- iOS 16.6 and iPadOS 16.6
- iOS 15.7.8 and iPadOS 15.7.8
- macOS Ventura 13.5
- macOS Monterey 12.6.8
- macOS Big Sur 11.7.9
- Safari 16.6
- tvOS 16.6
- watchOS 9.6
The bugs range from a Safari browser webkit issue that could lead to arbitrary code execution, to kernel issues in iOS 16.6 and iPadOS 16.6 that could again lead to code execution. One issue, in particular, may already have been taken advantage of.
“An app may be able to modify sensitive kernel state,” Apple said in an advisory. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.”
Apple said a similar bug in iOS 15.7.8 and iPadOS 15.7.8 may also have been exploited, along with vulnerabilities in tvOS 16.6 and kernel and webkit issues in watchOS 9.6.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
