Apple has released a flurry of updates in response to a pair of security vulnerabilities that the company says “may have been actively exploited on Intel-based Mac systems.” That’s an unusual level of specificity for Apple, especially given that the vulnerabilities are in core code shared by other platforms.
The two vulnerabilities are highly problematic. The JavaScriptCore vulnerability allows for arbitrary code execution, and the WebKit vulnerability enables maliciously crafted Web content to lead to a cross-site scripting attack. Both vulnerabilities were identified by Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group.
Safari 18.1.1 for macOS 14 Sonoma and macOS 13 Ventura
The release notes are identical for all of them, and there’s no indication that anything else has changed. I wouldn’t be surprised if tvOS is technically vulnerable but not worth updating, and it’s hard to imagine watchOS or HomePod Software being vulnerable in any real way.
Given the severity of these vulnerabilities and the fact that they have been exploited in the wild, I encourage you to install these updates soon.
While the vulnerabilities are only known to have impacted older Macs, other devices are vulnerable to attack because they have the same security flaws.
Is Sequoia 15.1.1 now safe for human consumption? Up until now that wasn’t the case, especially not for non-techies, like me. I’m using an M2 MacBook Air with the newest Sonoma.
I am not suffering from any issues with 15.1. I was screwed up by the Sequoia firewall bug breaking ssh persistence, but that was fixed in the 15.1 update.
This might be a simple coincidence, but I have had two issues with external drives (one a micro-SD card and the other a USB thumb drive) refusing to be erased and reformatted. Disk Utility gets stuck and nothing happens in both cases. I shall have to try them on an old Mac and see if they format there.
That’s unknown—neither Apple nor Google has provided more information. My interpretation would be that there is some known malware that affects only Intel-based Macs for some reason, but that the exploited vulnerabilities are in core code that would make Apple silicon Macs and other devices vulnerable as well.
That matches exactly with my interpretation but doesn’t seem to have any further data behind it.
I have an iPhone SE, 2nd Gen., iOS 17.7. I would like to update to the latest version of iOS 17, which I believe is 17.7.2. As far as I can see, the only option is to update to iOS 18 which I do not want to do.
Can someone point me to where and/or how I can update to iOS 17.7.2?
Every year at some point Apple stops providing updates to last year’s version of iOS to the devices that can run the current version, and I believe from posts I have seen on reddit that this is the version that does that. It’s usually about this time of year; I think it was early December the last two years. For now I think that you stick on your existing version or update to 18.1.1.
I am on 17.7.1 (updated a few weeks ago) but do not see the latest 17x update either. Maybe if the phone is able to go to 18, they are not allowing it to do the next 17 update.
Not completely. If you use external ATA-formatted disks, especially in high speed hardware, better wait until OWC confirms the driver issue has been resolved.
On the other hand, especially if you use PCIe-mounted disks, repair in macOS 15.1 of many longstanding macOS bugs may make upgrading safer than not upgrading.
These articles refer to the third-party SoftRAID driver. However,
Starting with macOS Ventura version 13.3, the SoftRAID driver is installed as part of macOS. Today, each version of the SoftRAID driver is tied to a specific version of macOS. If you upgrade to macOS Sequoia, you will instantly start using the SoftRAID 8.3 driver.
Also, many of the issues encountered as OWC and Apple debugged SoftRAID were in the underlying Apple code. Unfortunately Apple only updates older code to add security patches, and not to fix bugs. Therefore,
Like other parts of macOS, if you want new features and bug fixes in the SoftRAID driver, you must upgrade to the latest version of macOS on your Mac.
I also have an SE 2nd gen. currently running iOS 17.7.1 and I see the option of an update to 17.7.2 by scrolling past the iOS 18.1.1 upgrade to the bottom of the Software Update dialog.
As indicated in Adam’s article, there is a Safari update (18.1.1) for those sticking with Sonoma for now. It is a little tedious to install - I first had to get past the Sequoia nagging in Software Update.
But note also that it is a WebKit/JavaScript vulnerability. So if you’re using a browser based on something else (e.g. Firefox or one of the many Chromium-based browsers), then you may not be affected.
At least on your Mac. I think all browsers on iOS-like devices are forced to use Apple’s WebKit framework under the covers.
Sequoia 15.1.1 is more than safe. In a former life it would have been a forced update, but that didn’t work out. You should always update zero day updates ASAP.
Except that WebKit/JavaScript isn’t just used by Safari. It’s also used by various embedded web views in apps and the system (e.g. Apple Music, the App Store) and for all we know the vulnerability can be exploited in these embedded views as well. Given this is a zero-day vulnerability, I would update even if you never use Safari or another WebKit-based browser.