After issuing iOS 17.4 on Tuesday with new emoji and massive changes to the App Store in the EU, Apple sent out updates to the rest of its operating systems on Thursday, including macOS 14.4, watchOS 10.4, and visionOS 1.1, the first major update for Apple’s new Vision Pro headset. Among the usual bug fixes and enhancements—most notably, new emoji for your Mac, Persona and EyeSight improvements on Vision Pro, and a new Double Tap function on Apple Watch—the updates include fixes for a mountain of security issues, at least two of which have been exploited in the wild.
All said, the updates include more than 75 unique security updates affecting all corners of Apple’s ecosystem. Here are the important stats you need to know:
macOS 15.4
Security updates: 64
Notable fixes: Airport (CVE-2024-23227), Dock (CVE-2024-23244), Safari Private Browsing (CVE-2024-23273)
macOS Monterey 12.7.4/macOS Ventura 13.6.5
Security updates: 25
Notable fixes: Intel Graphics Driver (CVE-2024-23234), Notes (CVE-2024-23283), Shortcuts (CVE-2024-23204)
watchOS 10.4
Security updates: 24
Notable fixes: Messages (CVE-2024-23287), Sandbox (CVE-2024-23290), Siri (CVE-2024-23293)
tvOS 17.4
Security updates: 24
Notable fixes: CoreBluetooth – LE (CVE-2024-23250), Image Processing (CVE-2024-23270), UIKit (CVE-2024-23246)
visionOS 1.1
Security updates: 16
Notable fixes: Accessibility (CVE-2024-23262), Persona (CVE-2024-23295), WebKit (CVE-2024-23263)
iOS 17.4 and iPadOS 17.4
Security updates: 40
Notable fixes: Bluetooth (CVE-2024-23277), Photos (CVE-2024-23255), Synapse (CVE-2024-23242)
iOS 16.7.6 and iPadOS 16.7.6
Security updates: 18
Notable fixes: CoreCrypto (CVE-2024-23218), Metal (CVE-2024-23264), Safari (CVE-2024-23259)
Apple has also fixed a zero-day flaw across all of its devices affecting Kernel and RTKit that may have been exploited in the wild:
Kernel
- Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2024-23225
RTKit
- Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.
- Description: A memory corruption issue was addressed with improved validation.
- CVE-2024-23296
To update your Apple device, go to the Settings app (or System Settings on a Mac) and find General. Then select Software Update and follow the prompts.