Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
66,066
34,919


The iOS 16.6, iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6, and tvOS 16.6 updates that Apple released today address a long list of security vulnerabilities, including two that Apple says may have been actively exploited.

iOS-16.6-Feature.jpg

Apple today also released iOS 15.7.8, iPadOS 15.7.8, macOS Monterey 12.6.8, and macOS Big Sur 11.7.9 for devices that are not able to run the current release versions of the Mac, iPhone, and iPad software. These updates contain the same security improvements.

There are several fixes for kernel vulnerabilities, including one that could allow an app to modify a sensitive kernel state. This is the vulnerability that Apple says may have been actively exploited, but Apple's wording indicates that it only received reports of active exploits against versions of iOS that were released before iOS 15.7.1. It is, however, patched on all platforms.

The updates also fix a WebKit vulnerability that Apple says could have been actively exploited, but Apple first addressed this issue with the iOS 16.5.1 (c) and macOS Ventura 13.4.1 (c) Rapid Security Responses, so some iPhone, iPad, and Mac users may have already had protection from this issue.

Because these new software releases include so many security fixes, it is a good idea to install them as soon as possible. A full list of the patches that Apple has implemented can be found on Apple's security support website.

Article Link: iOS 16.6, macOS Ventura 13.5, and Other Updates Patch Actively Exploited Vulnerabilities
 
I think they may want to rethink the title to this article, from “actively” to “addresses.” Js.

The title is correct, with one exception.

iOS 16.6, macOS Ventura 13.5, and Other Updates Patch Actively Exploited Vulnerabilities​


The verb is "Patch" in this case. I'm guessing English was not a prerequisite for getting a job as a writer. They often forget or don't know that certain words should be hyphenated. In this case, it should be "Actively-Exploited". Those two words are a compound adjective and precede the noun "Vulnerabilities".
 
Last edited:
What's up with all the vulnerabilities lately? Is it because apple is ineluctably gaining marketshare , making hackers more focused on apple devices than ever ?

Software is organic, particularly in a networked environment. You generally can't write code once and have it work perfectly forever. Developers must keep a finished software project updated as individual components that it is comprised of are updated. Often those components come from third-party developers that are doing their own updates over time. A vulnerability may be in a third-party component and Apple must now update their own software to use the newly-patched component. It's not always Apple's code that has the flaws.
 
Software is organic, particularly in a networked environment. You generally can't write code once and have it work perfectly forever. Developers must keep a finished software project updated as individual components that it is comprised of are updated. Often those components come from third-party developers that are doing their own updates over time. A vulnerability may be in a third-party component and Apple has now updated their own software to use the newly-patched component. It's not always Apple's code that has the flaws.
What I'm saying is, we've been having a LOT of these safari vulnerability fixes lately (for actively exploited flaws)

Way more than we usually get , I feel ? More than we used to , at least. Say a year ago, there weren't as many security updates following each other
 
Anyone else think there's just way too many of these things lately? Feels like it's never-ending!
I'm glad that Apple is responding quickly to address vulnerabilities as they are discovered and fixes are produced. Much better than running code for weeks that has known vulnerabilities, potentially even with known exploit code out in the wild.
 
The title is correct, with one exception.

iOS 16.6, macOS Ventura 13.5, and Other Updates Patch Actively Exploited Vulnerabilities​


The verb is "Patch" in this case. I'm guessing English was not a prerequisite for getting a job as a writer. They often forget or don't know that certain words should be hyphenated. In this case, it should be "Actively-Exploited". Those two words are a compound adjective and precede the noun "Vulnerabilities".
I can’t speak for all style guides, but AP style recommends against using a hyphen between an adverb and the adjective it modifies because the relationship between the two is usually clear without a hyphen.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.