We’ve previously covered the new security and privacy features, and other notable features, in macOS Sonoma. You can also read our complete guide to ensuring your Mac is ready for macOS Sonoma.
But now that we have the new macOS in hand, let’s examine the security patches included in Sonoma’s first release. We’ll also take a brief look at the other software updates that Apple released this week.
Available for
Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac mini (2018 and later), MacBook Air (2018 and later), MacBook Pro (2018 and later), and iMac Pro (2017)
New Features
Be sure to read our coverage of the new security and privacy-related features in macOS Sonoma. To learn about macOS Sonoma’s other new features, see our top 10 list of new macOS Sonoma features, and Apple’s more comprehensive list (in PDF format).
Apart from new features and enhancements, macOS Sonoma also comes loaded with more than 60 named security vulnerability patches.
So far, 61 CVEs (Common Vulnerabilities and Exposures identification numbers) are listed, but Apple often revises its security release notes weeks or months later to add additional entries.
Furthermore, the “Additional recognition” section of the macOS Sonoma 14.0 security release notes lists 32 acknowledgements, some of which presumably correspond to CVEs that Apple did not list. At least one of those acknowledgements apparently names multiple researchers who reported entirely different vulnerabilities. So it’s possible that well over 90 vulnerabilities were addressed in macOS Sonoma.
Apple chose not to include some CVE numbers in the macOS Sonoma 14.0 security release notes, for some reason.
While it currently looks like Sonoma patches “61 CVEs,” the number should actually be (much?) higher than that.
https://t.co/CwZmDgOeXc pic.twitter.com/ZeV2uJH51O — Josh Long (the JoshMeister) (@theJoshMeister) September 27, 2023
Here are just a handful of notable security patches in macOS Sonoma:
WebKit
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
Note: This vulnerability was addressed in iOS, iPadOS, and Safari updates last week to protect against the Predator spyware; more on that in this article.
Bluetooth
Impact: An app may be able to access sensitive user data, and an app may be able to bypass certain Privacy preferences
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-40426: Yiğit Can YILMAZ (@yilmazcanyigit)
Game Center
Impact: An app may be able to access contacts
Description: The issue was addressed with improved handling of caches.
CVE-2023-40395: Csaba Fitzl (@theevilbit) of Offensive Security
iCloud
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with improved redaction of sensitive information.
CVE-2023-23495: Csaba Fitzl (@theevilbit) of Offensive Security
iCloud Photo Library
Impact: An app may be able to access a user’s Photos Library
Description: A configuration issue was addressed with additional restrictions.
CVE-2023-40434: Mikko Kenttälä (@Turmio_) of SensorFu
Messages
Impact: An app may be able to observe unprotected user data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2023-32421: Meng Zhang (鲸落) of NorthSea, Ron Masas of BreakPoint Security Research, Brian McNulty, and Kishan Bagaria of Texts.com
System Preferences
Impact: An app may bypass Gatekeeper checks
Description: The issue was addressed with improved checks.
CVE-2023-40450: Thijs Alkemade (@xnyhps) from Computest Sector 7
TCC
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2023-40424: Arsenii Kostromin (0x3c3e), Joshua Jewett (@JoshJewett33), and Csaba Fitzl (@theevilbit) of Offensive Security
XProtectFramework
Impact: An app may be able to modify protected parts of the file system
Description: A race condition was addressed with improved locking.
CVE-2023-41979: Koh M. Nakagawa (@tsunek0h)
The list of security-related fixes is quite long, and there are many other interesting entries. Check out the full list of security patches included in macOS Sonoma 14.0.
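Apple’s release notes follow a regular “Component / Impact: / Description: / CVE-ID: credit” layout, which makes it easy to tally entries yourself rather than trusting the headline CVE count. The following script is an added example (not Intego’s or Apple’s code): it parses that layout into records, counts unique CVEs across one or more notes (so a CVE repeated in the Sonoma and Safari notes is counted once), flags entries whose Impact says the issue may have been actively exploited, and counts entries that carry no CVE at all, such as the “Additional recognition” credits discussed above. The sample text reuses three entries quoted in this article; the final acknowledgement block is a constructed placeholder, not a real credit.

```python
import re
from dataclasses import dataclass, field

# Constructed sample. The first three entries are copied from the macOS Sonoma
# 14.0 notes as quoted in the article; the "Additional recognition" block is a
# PLACEHOLDER made up to exercise the no-CVE path (not a real acknowledgement).
SAMPLE_NOTES = """\
WebKit
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto's Munk School and Maddie Stone of Google's Threat Analysis Group

Bluetooth
Impact: An app may be able to access sensitive user data
Impact: An app may be able to bypass certain Privacy preferences
Description: A permissions issue was addressed with additional restrictions.
CVE-2023-40426: Yiğit Can YILMAZ (@yilmazcanyigit)

TCC
Impact: An app may be able to access user-sensitive data
Description: The issue was addressed with improved checks.
CVE-2023-40424: Arsenii Kostromin (0x3c3e), Joshua Jewett (@JoshJewett33), and Csaba Fitzl (@theevilbit) of Offensive Security

Additional recognition

ExampleComponent
We would like to acknowledge Placeholder Researcher for their assistance.
"""

CVE_LINE = re.compile(r"^(CVE-\d{4}-\d{4,7}):\s*(.*)$")
FIELD_LINE = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")


@dataclass
class Entry:
    component: str
    impacts: list = field(default_factory=list)
    description: str = ""
    cves: dict = field(default_factory=dict)    # CVE id -> credit text
    extra: dict = field(default_factory=dict)   # e.g. "WebKit Bugzilla" -> "261544"
    recognition_only: bool = False              # came from "Additional recognition"

    @property
    def actively_exploited(self) -> bool:
        # Apple signals in-the-wild exploitation inside the Impact sentence.
        return any("actively exploited" in i.lower() for i in self.impacts)


def parse_release_notes(text: str) -> list:
    """Split the notes on blank lines; each block is one component entry."""
    entries = []
    in_recognition = False
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines:
            continue
        if lines[0].lower() == "additional recognition":
            in_recognition = True       # everything after this has no CVE line
            continue
        entry = Entry(component=lines[0], recognition_only=in_recognition)
        for line in lines[1:]:
            m = CVE_LINE.match(line)
            if m:
                entry.cves[m.group(1)] = m.group(2)
                continue
            m = FIELD_LINE.match(line)
            if not m:
                continue                # free-text acknowledgement sentence
            key, value = m.group(1), m.group(2)
            if key == "Impact":
                entry.impacts.append(value)     # an entry may list several
            elif key == "Description":
                entry.description = value
            else:
                entry.extra[key] = value
        entries.append(entry)
    return entries


def summarize(entries: list) -> dict:
    """Aggregate entries, possibly from several notes, deduplicating CVE ids."""
    unique, exploited = set(), set()
    for e in entries:
        unique.update(e.cves)
        if e.actively_exploited:
            exploited.update(e.cves)
    return {
        "unique_cves": len(unique),
        "actively_exploited": sorted(exploited),
        "entries_without_cve": sum(1 for e in entries if not e.cves),
        "recognition_entries": sum(1 for e in entries if e.recognition_only),
    }


if __name__ == "__main__":
    for k, v in summarize(parse_release_notes(SAMPLE_NOTES)).items():
        print(f"{k}: {v}")
```

To compare the Sonoma and Safari 17 notes, paste each into its own string, parse both, and pass the concatenated lists to summarize(); the shared CVE-2023-41993 is then counted once, while the entries_without_cve figure gives a lower bound on how many credited fixes the headline CVE count leaves out.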
If your Mac meets the system requirements, you will find this update in System Settings > General > Software Update. If you run macOS on unsupported hardware by means of OpenCore Legacy Patcher, note that its current version does not yet support macOS Sonoma; give it a week or so and support should arrive.
Available for
macOS Monterey and macOS Ventura (included in macOS Sonoma 14)
Security updates:
Safari itself received one security patch and WebKit received four, for a total of five CVEs. Here are a couple of highlights:
Safari
Available for: macOS Monterey and macOS Ventura
Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A window management issue was addressed with improved state management.
CVE-2023-40417: Narendra Bhati From Suma Soft Pvt. Ltd, Pune (India)
WebKit
Available for: macOS Ventura
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 261544
CVE-2023-41993: Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group
The WebKit patch highlighted above is the same one macOS Sonoma received, and was included with last week’s round of updates for other operating systems. Last week’s release notes didn’t specify whether macOS Ventura got the patch; evidently Apple was waiting to release the patch for Ventura as part of Safari 17 for some reason.
Apple also released iOS 17.0.2 and iPadOS 17.0.2, as well as watchOS 10.0.2, on Tuesday. According to Apple, these updates have “no published CVE entries,” and Apple did not publish any additional security acknowledgements.
Both contain bug fixes. According to Apple, the iOS update “fixes an issue that may prevent transferring data directly from another iPhone during setup.” Apple did not specify which bug fixes the watchOS update contains.
As mentioned in our previous coverage, the Predator spyware was recently caught exploiting three vulnerabilities in Apple operating systems:
Here is the patch status of those vulnerabilities for each applicable Apple operating system, as of today:
With the release of macOS Sonoma, we can presume that macOS Big Sur has likely seen its last update, Safari 16.6.1 from last week. This not only leaves macOS Big Sur potentially vulnerable to the Predator spyware; going forward, an ever-increasing number of vulnerabilities will go unpatched on it.
It’s best to upgrade your Mac to the latest compatible macOS version, ideally macOS Sonoma, to ensure that your Mac will receive security updates for the next year. If your Mac is not officially compatible with macOS Sonoma, consider using OpenCore Legacy Patcher to run a newer macOS version than Apple officially supports on your hardware, so your Mac stays better protected.
Be sure to read our complete guide to upgrading to macOS Sonoma to make sure your Mac is fully ready.
To upgrade a Mac running macOS Ventura to macOS Sonoma, first update your critical software; for example, run Intego’s NetUpdate utility and install all available updates. Then check for macOS updates by going to System Settings > General > Software Update.
If you have any trouble getting the macOS update to show up, either press ⌘R at the Software Update screen, or type softwareupdate -l (that’s a lowercase L) in Terminal and press Return/Enter, then check System Settings > General > Software Update again.
Macs running macOS Big Sur or Monterey can get these updates (or upgrade to macOS Sonoma) via System Preferences > Software Update. If you have an iMac Pro or a MacBook Pro (2018) that’s still running macOS High Sierra, look for macOS Sonoma in the Mac App Store and download it from there.
Note that only the latest macOS version is ever fully patched; older macOS versions receive only a subset of those patches and remain vulnerable. Therefore, staying on the latest macOS version is critically important for maintaining your security and privacy. For more information, see our article, “When does an old Mac become unsafe to use?”
Users of iPhone or iPad can go to Settings > General > Software Update to update iOS or iPadOS on their devices.
To update watchOS on your Apple Watch, the process is a bit more complicated. First, update your iPhone to the latest operating system it can support (ideally the latest version of iOS 17). Next, ensure that both your iPhone and Apple Watch are on the same Wi-Fi network. Your Apple Watch also needs to have at least a 50% charge. Then open the Watch app on your iPhone and tap General > Software Update.
Whenever you’re preparing to update macOS, iOS, or iPadOS, it’s a good idea to always back up your data before installing any updates. This gives you a restore point if something does not go as planned. See our related article on how to check your macOS backups to ensure they work correctly.
See also our article on how to back up your iPhone or iPad to iCloud and to your Mac.