macrumors bot
Original poster


Along with new features, the iOS 18.3, iPadOS 18.3, and macOS Sequoia 15.3 updates that Apple released today include multiple security fixes, including a fix for a vulnerability that may have been actively exploited on some devices.


According to Apple's security support document, there was a CoreMedia bug that could be used to elevate privileges. Apple says that it is aware of a report that the bug could have been actively exploited against versions of iOS before iOS 17.2. Apple fixed the issue with improved memory management.

Apple also addressed over 20 other vulnerabilities. One could allow an attacker with physical access to an unlocked device to access the Photos app even when an iPhone is locked, and there were several issues with AirPlay that could allow attackers to execute code or crash apps.

Two kernel vulnerabilities could let malicious apps gain kernel privileges, and there were a handful of WebKit fixes for Safari.

Because of the number of security issues fixed in the update, it is a good idea to update to the new software right away.

watchOS 11.3 and tvOS 18.3 also have a number of security fixes, so those updates should be installed as well. If you have macOS Sonoma or Ventura, Apple has released macOS 14.7.3 and macOS Ventura 13.7.3 with security improvements.

Article Link: Update Now: iOS 18.3 and macOS Sequoia 15.3 Include 20+ Security Updates
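As an added example, not code from the article or from anyone in this thread: a POSIX shell check that maps a reported macOS version to the first fixed release the article names for its line (Sequoia 15.3, Sonoma 14.7.3, Ventura 13.7.3) and reports whether a machine is still behind it. The function names are my own; `sw_vers` is the macOS command that prints the product version.

```shell
#!/bin/sh
# Added example: compliance check against the macOS releases named in the article.
# Assumed fixed versions (from the article): 15.3, 14.7.3, 13.7.3. Inputs are assumed
# to be plain dotted numeric versions, as sw_vers prints them.

# Print the first patched release for the major line of the given version (empty if unknown).
patched_version_for() {
  case "${1%%.*}" in
    15) echo "15.3" ;;
    14) echo "14.7.3" ;;
    13) echo "13.7.3" ;;
    *)  echo "" ;;
  esac
}

# version_ge A B: return 0 if dotted version A >= B, comparing numerically component by
# component; missing trailing components count as 0 (so 15.3 == 15.3.0).
version_ge() {
  a="$1."; b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    x="${a%%.*}"; a="${a#*.}"
    y="${b%%.*}"; b="${b#*.}"
    x="${x:-0}"; y="${y:-0}"
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
  done
  return 0
}

# macos_is_patched VERSION: 0 if VERSION is at or above the fixed release of its line,
# 1 if it is older, 2 if the major line is not covered by these updates (e.g. macOS 12).
macos_is_patched() {
  need="$(patched_version_for "$1")"
  [ -n "$need" ] || return 2
  version_ge "$1" "$need"
}

# When run on a Mac, check the local system; elsewhere this is a no-op.
if command -v sw_vers >/dev/null 2>&1; then
  v="$(sw_vers -productVersion)"
  rc=0; macos_is_patched "$v" || rc=$?
  case "$rc" in
    0) echo "$v: at or above the patched release" ;;
    1) echo "$v: older than the patched release for this line; update" ;;
    *) echo "$v: major line not covered by these updates" ;;
  esac
fi
```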
 
allow an attacker with physical access to an unlocked device to access the Photos app even when an iPhone is locked
So the unlocked device is not the iPhone in question? 🤔
 
Hmmm. I have to wonder about the urgency of the security patches. It’s a time-tested method used repeatedly by Apple to get everyone updated. In this case, to download AI that defaults to “on.”
As is often the case, a number of these security patches are in the general Unix/Linux world, upstream from Apple. I've already seen them in my Linux VMs.
 
"One could allow an attacker with physical access to an unlocked device to access the Photos app even when an iPhone is locked"

How does this work?
A phone can be locked or unlocked. An APP can be locked or unlocked (for example - screen time says you've used that app too much, or parental restrictions)

This is the actual quote, not the modified quote written above by a few users:
Impact: An attacker with physical access to an unlocked device may be able to access Photos while the app is locked
 
Will there be a patch for iOS/iPadOS 17 too? I have devices that aren’t on 18 yet.

Edit: the article says 17.2, but maybe it really means 18.2?
 
A phone can be locked or unlocked. An APP can be locked or unlocked (for example - screen time says you've used that app too much, or parental restrictions)

This is the actual quote, not the modified quote written above by a few users:
Impact: An attacker with physical access to an unlocked device may be able to access Photos while the app is locked


Thanks. That makes far more sense.

Just incorrect wording in the article.
 
Normally I update as soon as an update is available, just for the security updates. But you know, this time Apple Intelligence will download all of its cruft and enable by default. I’m hesitating until I find a way to not just shut it off, but empty the trash as well.
 
Whatever happened to Rapid Security Responses? We've only seen a couple of them shortly after its debut way back in July 2023. There haven't been any RSRs since iOS/iPadOS 16.5.1 and macOS 13.4.1.
Why use Rapid Security Responses when Apple can use regular updates to patch security issues and not-so-gently encourage users to update to the OS version they want us on?
 
Why use Rapid Security Responses when Apple can use regular updates to patch security issues and not-so-gently encourage users to update to the OS version they want us on?
RSRs were only useful for the sorts of patches that did not involve the SSV. But you're right, they do seem to have quietly disappeared.
 
I am generally happy with the bug fix release schedule - I do think the bigger releases do not have to be so rigorously every year, but that's probably a way to sell more phones. What my gripe is may seem minor, but it pisses me off: the amount of time it takes for the watchOS install is SO MUCH LONGER than any of the OS installs. What gives with that? It seems to always enter a "verifying" death loop for an hour. It usually comes out of it, but what gives with that? The compute power is all offloaded to the phones, so it's not like it's limited to the watch's hardware.
 
I hope it'll also be more stable.
The release notes don't say anything, really.

WebKit - or Safari's backend - has also received a major update.
 
> Because of the number of security issues fixed in the update, it is a good idea to update to the new software right away.

Quantity of bug fixes alone shouldn't make someone rush to install, especially if there are other concerns that could be introduced in new code, like with Apple Intelligence. Maybe tell us more about the severity of any one bug that's fixed and very likely to be exploited.
 