
“Processing maliciously crafted web content may lead to arbitrary code execution,” warns the relevant part of the release notes for iOS/iPadOS 16.3.1, Safari 16.3.1, and macOS 13.2.1. “Apple is aware of a report that this issue may have been actively exploited.”

In plainer English, that means that going to the wrong website can put malware on your machine, and an Apple customer somewhere in the world has probably learned about this the hard way. Those notes say that Apple fixed the “type confusion issue” at fault “with improved checks.”

The iPhone, iPad, and Mac patches also close a common kernel vulnerability that could let an app “execute arbitrary code with kernel privileges,” while the Mac fix addresses a bug that an app could exploit to “observe unprotected user data.” There’s no mention of those issues being actively exploited.

The software-update dialogs shown on an iPhone, iPad, or Mac are much less specific, falling back on the usual vague descriptions of “security improvements and bug fixes” (as shown for the Safari patch on a Mac mini running macOS Monterey) and “bug fixes and security updates” (on an iPad mini 6). Once again, those dialogs do not link to the release notes for each patch and instead point to Apple’s list of security updates, a dusty bookshelf of a page indexing patches going back to Jan.

