Apple has released a security update for a large number of devices running current and recent versions of iOS, iPadOS and macOS.
iOS and iPadOS 18.6.2, macOS 15.6.1, macOS 14.7.8, macOS 13.7.8, and iPadOS 17.7.10 have all been released and address a vulnerability that Apple says has been actively exploited by criminals “in an extremely sophisticated attack against specific targeted individuals.”
The vulnerability allows criminals to create a memory corruption by sending a malicious image file to a device. Memory corruptions can often be used to find ways to attack other parts of an operating system.
With Apple releasing the security update to the three most recent versions of macOS, it is ensuring it mitigates the risk of an attack on the vast majority of Mac users.
While flaws like this might not impact everyone today, criminals rely on the lag time between a patch being released and it being installed as this gives them a time window in which they can attack. Ensuring updates are installed automatically minimises the risk of a disclosed vulnerability being used by a criminal.
Why do I use the word criminal?
You’ll notice that I can these attackers criminals. In cybersecurity circles, terms like threat actor, malicious party and unauthorised user are often used. But I think these sanitise what is really going on.
The people that use these vulnerabilities to steal data, extort people or purposely interrupt business operations are criminals. And I think they deserve to be identified that way.
Anthony is the founder of Australian Apple News. He is a long-time Apple user and former editor of Australian Macworld. He has contributed to many technology magazines and newspapers as well as appearing regularly on radio and occasionally on TV.