PSA: Safari Security Flaw 'Actively Exploited,' Update Your Apple Devices Now

[MacRumors]

This week, Apple released critical software updates for Safari which fix a security flaw that exists in the browser across iPhone, iPad, and Mac platforms. Here's what you need to know.

Specifically, the platform-wide fix is for a vulnerability in Safari's WebKit engine that Apple believes may have been "actively exploited" in the wild by hackers.

The flaw, according to Apple, could allow bad actors to "process maliciously crafted web content" that may lead to "arbitrary code execution."

An additional fix that exists in the latest update for macOS Monterey, 12.5.1, relates to a vulnerability that may allow an application to "execute arbitrary code with kernel privileges."

In other words, it could allow hackers to access the deepest layer of the operating system and take complete control of the affected device. Apple says it is aware of a report that this issue may also have been actively exploited.

If you haven't updated already, it's important to do so at the earliest opportunity. The latest critical updates are as follows:

• iOS 15.6.1
• iPadOS 15.6.1
• macOS Monterey 12.5.1
• Safari 15.6.1 for macOS Big Sur and macOS Catalina

To update your iPhone or iPad, head to Settings -> General -> Software Update. To update your Mac, open System Preferences and select the Software Update preference pane.

Article Link: PSA: Safari Security Flaw 'Actively Exploited,' Update Your Apple Devices Now

 

[dantracht]

While the security fixes are always important and appreciated, I’ve moved to Edge, which work far far better than Safari has been lately on my M1 fleet.

 

[xxray]

Uhh is this fixed in the iOS/iPadOS/macOS 16 betas??

 

[nkgmd]

What about the Developer Betas?

 

[Havalo]

Never ending cat and mouse game…

 

[syklee26]

Why does Safari always have to be updated with iOS update? Can't they just patch flaws independently?

 

[StuBeck]

I'd be useful if they detailed this when the updates came out. Waiting two days to explain why you should update is a bit silly. Its just creating a problem that shouldn't exist.

 

[nvmls]

Don't worry Apple, no one uses it anyways 🤣

 

[Spaceboi Scaphandre]

Jokes on you. I don't use Safari.

EDIT: Why are you disliking over the browser I use?

 

[orbital~debris]

What would be really useful would be a status message (in System Preferences?) for Apple to inform you if any of your devices have been compromised – so you can erase them and reinstall the OS.

 

[MrRom92]

I wonder if this is why we got new betas only one week after the last one? It would be nice if they clarified whether or not this bug is patched in any of the iOS 16 betas.

 

[RedDeliciousPinkLady]

And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?

 

[BootsWalking]

The flaw, according to Apple, could allow bad actors to "process maliciously crafted web content" that may lead to "arbitrary code execution."

This man has been brought in for questioning:

 

[Crowbot]

And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?

That's just the reality of technology. At some point it becomes financially prohibitive to update older devices. Ironically, the hardware is so well made that it lasts longer than its firmware viability does.

 

[MayaUser]

And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?

kind of planned obsolete
Buy a new phone that support it and run it very well
Update and suffer the slower iOS on your old device if still support it (i saw how iOS15 works on iphone 7 and 8)
Or suffer the security flaw that Apple provides

 

[chkay]

And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?

You knew perfectly well when you bought your device that software updates are only provided for so long. It's not a new thing.

 

[Apple_Robert]

These are the kinds of articles I like to see. Thanks, MR.

 

[MacWanker]

This is like one of those fake phishing texts from Chase bank that you get worried about for a second...... until you remember that you don't use Chase.
Much like Safari.

 

[adib]

And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?

In this specific case, not use them to load web pages.

 

[adib]

This is like one of those fake phishing texts from Chase bank that you get worried about for a second...... until you remember that you don't use Chase.
Much like Safari.

.. You also must not use Mail or any application that uses the built-in web view.

 

[AppleTO]

Ugh, this is really annoying in a business environment. We can’t always have all our macs on the latest OS version.

Is the safari update available separately?

 

[centauratlas]

Why does Safari always have to be updated with iOS update? Can't they just patch flaws independently?

The thing is that on 11.6.8, it was a Safari vs entire OS update. I think there was a kernel issue in 12 also.

 

[MacWanker]

.. You also must not use Mail or any application that uses the built-in web view.

Correct.

 

[Heat_Fan89]

And if our devices are so old that they can't reach those OS versions, we're supposed to just not use them anymore, right? It sounds like a sarcastic question, but is that actually, in the grand scheme of security, what we're supposed to be doing?

Then you do what I did with my 2012 Mac Mini. You install Ubuntu 22.04 which can be made to look like macOS. It's free and is based on long term service.

 

[falkon-engine]

The flaw, according to Apple, could allow bad actors to "process maliciously crafted web content" that may lead to "arbitrary code execution."

This man has been brought in for questioning:
View attachment 2044810

Fresh Prince is classic. Blasphemy!