Apple patches 1st in-the-wild exploited bug of 2024 in macOS Sonoma 14.3, iOS 17.3 and more

On Monday, January 22, Apple released operating system updates that introduced new features and fixed security vulnerabilities. According to Apple, one of those vulnerabilities “may have been exploited” in the wild. Let’s take a look at some of the highlights of this week’s updates.

In this article:

  • macOS Sonoma 14.3
  • macOS Ventura 13.6.4
  • macOS Monterey 12.7.3
  • Safari 17.3 for macOS Ventura and Monterey
  • iOS 17.3 and iPadOS 17.3
  • iOS 16.7.5 and iPadOS 16.7.5
  • iOS 15.8.1 and iPadOS 15.8.1
  • watchOS 10.3
  • tvOS 17.3
  • How to install Apple security updates
  • How can I learn more?

macOS Sonoma 14.3

Available for:
All supported Macs capable of running macOS Sonoma

Update information:

  • macOS Sonoma 14.3 introduces enhancements to Apple Music, as well as other features, bug fixes, and security updates for your Mac.
    • Collaborate on playlists in Apple Music allows you to invite friends to join your playlist and everyone can add, reorder, and remove songs
    • Emoji reactions can be added to any track in a collaborative playlist in Apple Music
    • AppleCare & Warranty in Settings shows your coverage for all devices signed in with your Apple ID

Enterprise:

  • Xsan volumes no longer fail to mount automatically.
  • Passwords can be changed successfully at the login window.
  • Improves reliability authenticating to an SMB print server.
  • Improves reliability using single sign-on when using a proxy for associated domains traffic.

Security-related fixes and updates:
At least 17 vulnerabilities were addressed in this update. Here are a few interesting ones:

Finder
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved checks.

Mail Search
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved redaction of sensitive information.

Safari
Impact: A user’s private browsing activity may be visible in Settings
Description: A privacy issue was addressed with improved handling of user preferences.

Shortcuts
Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user; also, an app may be able to bypass certain Privacy preferences
Description: The issue was addressed with additional permissions checks; also, a privacy issue was addressed with improved handling of temporary files.

Time Zone
Impact: An app may be able to view a user’s phone number in system logs
Description: This issue was addressed with improved redaction of sensitive information.

WebKit often receives security-related fixes with each update, and this time is no exception. However, one of the WebKit patches included in this update is quite serious:

WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
Description: A type confusion issue was addressed with improved checks.

For the full list of security patches included in macOS Sonoma 14.3, have a look here.

Meanwhile, the open-source component LibreSSL appears to still contain critical unpatched vulnerabilities. See our detailed report about these known vulnerabilities that affect every Mac today.

Apple neglects to patch multiple critical vulnerabilities in macOS

You can get this update by going to System Settings > Software Update, where compatible Macs running macOS Mojave or newer will see the Sonoma update appear. If your Mac is running macOS High Sierra or older, look for macOS Sonoma in the App Store and download it from there.

Notably, users of OpenCore Legacy Patcher (i.e. people who run macOS Sonoma on an unsupported Mac) must update to the latest version before attempting to update to the latest version of macOS Sonoma.

macOS Ventura 13.6.4

Available for:
All supported Macs currently running macOS Ventura

Security-related fixes and updates:
At least 13 vulnerabilities were addressed. Most of them are the same as those addressed in the macOS Sonoma update, including the fix for the exploited WebKit vulnerability. Enterprise users also received the following improvement:

Xsan volumes no longer fail to mount automatically.

A few of the fixes in this update that are not found in the macOS Sonoma update (because they were previously patched in earlier Sonoma updates) are:

Core Data
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed by removing the vulnerable code.

curl
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl version 8.4.0

LoginWindow
Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved state management.

For the full list of security patches included in macOS Ventura 13.6.4, have a look here.

You can get this update by going to System Settings > Software Update.

macOS Monterey 12.7.3

Available for:
All supported Macs currently running macOS Monterey

Security-related fixes and updates:
At least nine vulnerabilities were addressed in this update, overlapping with some of those addressed in the macOS Sonoma and Ventura updates.

For the full list of security patches included in macOS Monterey 12.7.3, have a look here.

You can get this update by going to System Preferences > Software Update.

Safari 17.3 for macOS Ventura and Monterey

This update addresses four WebKit issues, the same as those addressed in the macOS Sonoma 14.3 update.

The short list of fixes can be seen here, and the update is available in System Preferences > Software Update on your Mac. It will pop up as an available update once macOS 13.6.4 or 12.7.3 has been installed.

iOS 17.3 and iPadOS 17.3

Available for:
iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later

Update information:

This update introduces additional security measures with Stolen Device Protection. This release also includes a new Unity wallpaper to honor Black history and culture in celebration of Black History Month, as well as other features, bug fixes, and security updates for your iPhone.

About Stolen Device Protection:

  • Stolen Device Protection increases security of iPhone and Apple ID by requiring Face ID or Touch ID with no passcode fallback to perform certain actions
  • Security Delay requires Face ID or Touch ID, an hour wait, and then an additional successful biometric authentication before sensitive operations like changing device passcode or Apple ID password can be performed

More information about this feature can be found here on Apple’s site. You can also check out our write-up of how to set up Stolen Device Protection on your iPhone, and why we recommend it.

How to enable Stolen Device Protection for iPhone

Other new features:

  • Lock Screen
    New Unity wallpaper honors Black history and culture in celebration of Black History Month
  • Music
    Collaborate on playlists allows you to invite friends to join your playlist and everyone can add, reorder, and remove songs
    Emoji reactions can be added to any track in a collaborative playlist

Enterprise:

  • Stolen Device Protection must first be disabled in order to install configuration profiles, manually enroll in Mobile Device Management, or manually configure Exchange accounts.

Bug fixes & improvements:

  • AirPlay hotel support lets you stream content directly to the TV in your room in select hotels
  • AppleCare & Warranty in Settings shows your coverage for all devices signed in with your Apple ID
  • Crash detection optimizations (all iPhone 14 and iPhone 15 models)

Security-related fixes and updates:
At least 16 vulnerabilities were addressed in this update, many of them the same as those addressed in the aforementioned macOS updates.

One fix unique to iOS and iPadOS 17.3 is for an issue with the new Stolen Device Protection:

Reset Services
Impact: Stolen Device Protection may be unexpectedly disabled
Description: The issue was addressed with improved authentication.

The full list of security issues that were addressed can be found here. To get your hands on this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

iOS 16.7.5 and iPadOS 16.7.5

Available for:
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

Security-related fixes and updates:
At least eight vulnerabilities were addressed in this update, all of them the same as those covered in the previously mentioned OS updates.

The full list of security issues that were addressed can be found here. To get this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

iOS 15.8.1 and iPadOS 15.8.1

Available for:
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Security-related fixes and updates:

Although only two updates are listed for 15.8.1, they are both significant. Both involve WebKit vulnerabilities that may have been exploited in the past.

WebKit
Impact: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: An out-of-bounds read was addressed with improved input validation.

WebKit
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.
Description: A memory corruption vulnerability was addressed with improved locking.

See here to read Apple’s brief document about this update.

To get this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

watchOS 10.3

Available for:
Apple Watch Series 4 and later

Update information:

  • watchOS 10.3 includes new features, improvements, and bug fixes, including new Unity Bloom watch face to honor Black history and culture in celebration of Black History Month.

Security-related fixes and updates:
At least 12 vulnerabilities were addressed in this update, all of them the same as those covered in the previously mentioned OS updates.

The full list of security issues that were addressed can be found here. To install this update, make sure your iPhone is up to date first, both your phone and watch are connected to the same Wi-Fi network, and the watch has at least a 50% charge. Then open the Watch app on your phone and tap General > Software Update.

tvOS 17.3

Available for:
Apple TV HD and Apple TV 4K (all models)

Security-related fixes and updates:
At least nine vulnerabilities were addressed in this update, all of them the same as those covered in the previously mentioned OS updates.

The full list of security issues that were addressed can be found here.

How to install Apple security updates

Every update that was released today, with the exception of watchOS 10.3, includes a fix for a vulnerability that has reportedly been exploited in the wild. It is therefore ideal to update as soon as you reasonably can.

How to install macOS updates

If you haven’t yet upgraded to macOS Sonoma, be sure to first update your critical software. For example, run Intego’s NetUpdate utility and install all available updates, and then check for updates for all other software that you use regularly. Next, check for macOS updates by going to System Settings > General > Software Update.

If you have any trouble getting the macOS update to show up, either press ⌘R at the Software Update screen, or type in the Terminal softwareupdate -l (that’s a lowercase L) and press Return/Enter, then check System Settings > General > Software Update again.

Macs running macOS Big Sur or Monterey can get these updates (or upgrade to macOS Sonoma) via System Preferences > Software Update. If you have an iMac Pro or a MacBook Pro (2018) that’s still running macOS High Sierra, look for macOS Sonoma in the Mac App Store and download it from there.
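The check below is an added example, not Apple's or Intego's code: it compares a macOS version string against the releases listed in this article (14.3, 13.6.4, 12.7.3) so you can confirm the update actually landed. The function names are hypothetical; `sw_vers` is the version tool that ships with macOS.

```shell
#!/bin/sh
# Added example. Version floors are the releases named in this article.

# Succeed if dotted version $1 >= $2 (numeric compare, so 12.7.10 > 12.7.3).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print the updated release for a macOS major version, or fail if none is listed.
patched_floor() {
    case "${1%%.*}" in
        14) echo 14.3 ;;      # Sonoma
        13) echo 13.6.4 ;;    # Ventura
        12) echo 12.7.3 ;;    # Monterey
        *)  return 1 ;;
    esac
}

# Print "ok", "outdated: install <floor>", or "unlisted" for a version string.
macos_patch_status() {
    if ! floor=$(patched_floor "$1"); then
        echo "unlisted"
    elif version_ge "$1" "$floor"; then
        echo "ok"
    else
        echo "outdated: install $floor"
    fi
}

# On a Mac, report on the local system; elsewhere this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    macos_patch_status "$(sw_vers -productVersion)"
fi
```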

Note that only the latest macOS version (currently, that’s macOS Sonoma) is ever fully patched; older macOS versions only get a subset of those patches and remain vulnerable. Therefore, staying on the latest macOS version is critically important for maintaining your security and privacy. For more information, see our article, “When does an old Mac become unsafe to use?”

How to install other Apple OS updates

Users of iPhone or iPad can go to Settings > General > Software Update to update iOS or iPadOS on their devices. (This is called an “over the air” or OTA update.) Alternatively, you can connect your device to your Mac, click on the device name in a Finder window sidebar, and check for updates there.

To update watchOS on your Apple Watch, the process is a bit more complicated. First, update your iPhone to the latest operating system it can support (ideally the latest version of iOS 17). Next, ensure that both your iPhone and Apple Watch are on the same Wi-Fi network. Your Apple Watch also needs to have at least a 50% charge. Then open the Watch app on your iPhone and tap General > Software Update.

Whenever you’re preparing to update macOS, iOS, or iPadOS, it’s a good idea to always back up your data before installing any updates. This gives you a restore point if something does not go as planned. See our related article on how to check your macOS backups to ensure they work correctly.

How to Verify Your Backups are Working Properly

See also our article on how to back up your iPhone or iPad to iCloud and to your Mac.

Should you back up your iPhone to iCloud or your Mac? Here’s how to do both

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels.

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research.