Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Update Now: iOS 18.4.1 and macOS Sequoia 15.4.1 Address Actively Exploited Vulnerabilities

This is getting little tiring.
Every single time there is another iOS released, there are actively exploited vulnerabilities.

It is great that Apple is fixing the the vulnerabilities, but it gets old so quick.
Where the heck is the rapid security response?!

And this is weird, only Sequoia? Neither does Sonoma nor Ventura have an update?
 
  • Disagree
  • Like
Reactions: StevesBobs and lkrupp
imagineadam said:
Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.
Click to expand...
John Kelly, who was Secretary of Homeland Security (and White House Chief of Staff) for part of Trump's first term, had his personal cell phone hacked. I don't think it was ever made clear whether it was an iPhone or Android device though.
 
If these are major bugs and it's recommended that users update, what is wrong with asking for more transparency on what those bugs are. Maybe if you are a journalist or politician, you have more vulnerability and care, but I'm just some average person and I'm being told you must install this update because of unspecified bug exploitations? What Exploitations? Are we in a Mission Impossible scenario where if I don't update my phone will Explode in 5 seconds? There are always going to be bad actors who want to exploit something. Whether or not one cares is really up to them and it's their job to be more secure. You asked me to update my devices today because of security fixes. Great. What security fixes and what would happen if I don't update it?
 
  • Like
  • Wow
Reactions: 173080 and gusmula
sjsharksfan12 said:
If these are major bugs and it's recommended that users update, what is wrong with asking for more transparency on what those bugs are. Maybe if you are a journalist or politician, you have more vulnerability and care, but I'm just some average person and I'm being told you must install this update because of unspecified bug exploitations? What Exploitations? Are we in a Mission Impossible scenario where if I don't update my phone will Explode in 5 seconds? There are always going to be bad actors who want to exploit something. Whether or not one cares is really up to them and it's their job to be more secure. You asked me to update my devices today because of security fixes. Great. What security fixes and what would happen if I don't update it?
Click to expand...
The release notes do say what the bugs are and some about how they are exploited.
 
  • Like
Reactions: centauratlas
JohnC1959 said:
The release notes do say what the bugs are and some about how they are exploited.
Click to expand...

So I read the release notes and both for IOS and Ipad OS, they say "extremely sophisticated attack". Then my next question is can you be more specific. When was this attack? Was it recently? Where did it come from. Stuff like that. If it was extremely sophisticated, then it must of been serious to the point where being more transparent about it seems like a reasonable request.

Also, there are bad faith actors every day. I would think there would be a lot more attacks, to the point where we are updating our devices every day. Seems like Apple could do a better job at security proofing their stuff, and that's where the Beta process comes in.
 
sjsharksfan12 said:
So I read the release notes and both for IOS and Ipad OS, they say "extremely sophisticated attack". Then my next question is can you be more specific. When was this attack? Was it recently? Where did it come from. Stuff like that. If it was extremely sophisticated, then it must of been serious to the point where being more transparent about it seems like a reasonable request.
Click to expand...
I'm only guessing now, but for them to give the specifics of a particular crime would do what police never want. They don't want key evidence (suspects, methods, motives, etc.) released prior to an indictment because it could end up messing up their case. So they tell people the sort of risk and give a fix.
 
  • Like
Reactions: LV426
sjsharksfan12 said:
So I read the release notes and both for IOS and Ipad OS, they say "extremely sophisticated attack". Then my next question is can you be more specific. When was this attack? Was it recently? Where did it come from. Stuff like that. If it was extremely sophisticated, then it must of been serious to the point where being more transparent about it seems like a reasonable request.

Also, there are bad faith actors every day. I would think there would be a lot more attacks, to the point where we are updating our devices every day. Seems like Apple could do a better job at security proofing their stuff, and that's where the Beta process comes in.
Click to expand...
They don’t hand out details because it would make it easier for copycat criminals to take advantage of anyone who’s tardy or negligent with the patch.
 
  • Like
Reactions: laz232 and Chuckeee
"extremely sophisticated attack against specific targeted individuals." So likely State-sponsored stuff. Likely China.
 
  • Like
Reactions: centauratlas
sjsharksfan12 said:
Also, there are bad faith actors every day. I would think there would be a lot more attacks, to the point where we are updating our devices every day. Seems like Apple could do a better job at security proofing their stuff, and that's where the Beta process comes in.
Click to expand...
I'm not sure that attacks are happening every day or not. I don't have data to support either. But it's reasonable many attacks aren't widely reported or even fully known about even by the victims. But even if there were a lot of attacks they may all leverage a smaller set of vulnerabilities so fix one and you remove (for those that update) multiple attacks. The Beta process probably isn't where you security proof the software as such use, as varied as it is, doesn't push the limits of the internal core software the way a hacker would. The way you guard against such attacks lies mostly in what is called unit testing. This is where you test individual low level software functions by subjecting them to extreme inputs that you may not even expect in real use. But that's only as good as the person writing that unit test. I can't really say Apple is doing a bad job, at least compared to other companies. Yes, they do have flaws but they do seem to fix them before the flaw is widely leveraged most of the time. Hopefully it also feeds back into their process to improve unit testing.
 
Yoda Mann said:
"extremely sophisticated attack against specific targeted individuals." So likely State-sponsored stuff. Likely China.
Click to expand...
Very possible but I certainly wouldn't exclude hackers just out to rip someone off and not state sponsored. Individuals can get pretty darn clever and creative.
 
JohnC1959 said:
I just know some hacker wants photos of my dogs! He can't have them!
Click to expand...
And that’s one big factor when it comes to security. What are you securing? Does it have credit card or banking information saved on it? How about banking or email passwords? How about contacts information such as addresses and phone numbers? What could they do with that information? If you’re even concerned a little bit, just momentarily put yourself in the position of someone that just gained access to your phone and think what bad things you could do. If you determine that there’s not a whole lot of bad things you can do then you’re perfectly fine.
 
  • Like
Reactions: gusmula and laz232
russell_314 said:
And that’s one big factor when it comes to security. What are you securing? Does it have credit card or banking information saved on it? How about banking or email passwords? How about contacts information such as addresses and phone numbers? What could they do with that information? If you’re even concerned a little bit, just momentarily put yourself in the position of someone that just gained access to your phone and think what bad things you could do. If you determine that there’s not a whole lot of bad things you can do then you’re perfectly fine.
Click to expand...
agree. My phone actually does have important private information which is why I take multiple steps to keep things secure.
 
  • Like
Reactions: russell_314
So does this one fix 3rd party widgets turning white? they worked 2 updates ago now they have been broken if using tinted icons
 
  • Haha
Reactions: HighwaySnowman
Of course when I got home from my college campus, I had my M1 MacBook Air update during dinner alongside the iPhone 14 I started using last week.
 
Good to see that the update is fixing the vulnerability. Will be updating my devices shortly.
 
  • Like
Reactions: mganu
decafjava said:
All "bad actors" - plus lots of organized criminal hackers. If Al Capone was around today he'd be a neckbeard hacker. There surely are mayn out there, too much potential loot to get.

I will update my phone and ATV later, too bad my Mac is too old for that.
Click to expand...
Highly unlikely that your Mac is too old.

github.com

GitHub - dortania/OpenCore-Legacy-Patcher: Experience macOS just like before

Experience macOS just like before. Contribute to dortania/OpenCore-Legacy-Patcher development by creating an account on GitHub.
github.com github.com
 
B4U said:
This is getting little tiring.
Every single time there is another iOS released, there are actively exploited vulnerabilities.

It is great that Apple is fixing the the vulnerabilities, but it gets old so quick.
Where the heck is the rapid security response?!

And this is weird, only Sequoia? Neither does Sonoma nor Ventura have an update?
Click to expand...
That’s the typical cat and mouse game that always goes on. It’s no different with any other operating system.

I would love to see the rapid security response updates. It feels like Apple abandoned it. It’s kind of weird after they made a big deal out of it. I kind of wonder if there is a reason they abandoned it. Perhaps governments saw this as a way to force Apple to inject malicious code into the operating system. Who knows that’s just a random thought that has no basis in facts that are publicly known.

I suspect older versions of macOS aren’t going to get some updates as quickly if at all. If you have a high threat model, you should be using the latest version of any operating system. Most of these exploits are not going to be used against the average person. These are carried out by governments and similar entities. You’re probably fine unless you have a government interested in you.
 
  • Like
Reactions: B4U
imagineadam said:
Has anyone actually ever been hacked? Still rolling on 16.7.2 on my 14 pro…. You don’t ever see any horror stories of people having their iPhone hacked because they didn’t update. At least I haven’t.
Click to expand...

I accidentally tapped on update tonight at some point, but normally I keep my devices on x.0. Don’t want to bother learning new bugs if I update.

Apple really ought to split these software release into seperate sections:
New features
Remove features
Security updates
Bug fixes

Right now we get them lumpsum and it’s freaking annoying.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back