Apple fixes dozens of security flaws with iOS 15.4 – update your iPhone now


Apple released security patches for just about everything it does yesterday (March 14), so if you’re using an iPhone, iPad, Mac, Apple TV, Apple Watch, or even iTunes for Windows, now’s the time to do the update.

First, the good news: none of the 10 different update sets seem to fix the zero-day flaws. In other words, none of these vulnerabilities are exploited by hackers in the wild – at least not yet. It’s probably only a matter of days before that starts happening, so you’ll want to update your iDevices now.

The update package for iOS and iPad operating system contains fixes for 39 different security vulnerabilities and increases the version numbers of both operating systems to 15.4. We also have a preview of new features in iOS 15.4.

Running Software Update (buried in System Preferences in the latest version of macOS) will install all the Mac updates you need. On an iPhone or iPad, go to Settings > General > Software Update.

To update Apple Watch, make sure your iPhone is connected to Wi-Fi, then go to Apple Watch > My Watch > General > Software Update on your iPhone. To update Apple TV, go to Settings > System > Software Updates > Update Software.

Apple says iTunes for Windows will update automatically if you download the app from the Microsoft Store or if automatic updates are enabled in the app. Alternatively, open the iTunes app and go to Help > Check for Updates.

The Dirty Details of These Security Flaws

Several of the flaws allow malicious websites, images, or PDFs to lead to remote code execution, cross-site scripting (both forms of remote hacking), or the leak of sensitive information, whether you absolutely want to correct as soon as possible. Others let apps already installed on an iPhone or iPad do more than they should, or let someone on a local network do it.

Fixes for some of the same web vulnerabilities are included in update bundles for macOS Monterey, Big Sur and Catalinawhich contain 60, 22 and 18 patches respectively.

A flaw that appears to be unique to Monterey allows a malicious application to gain root privileges, a level of system control that even macOS users are not allowed to have. That’s about as bad a flaw as it gets.

Other upgrade kits are available for AppleTV, apple watch, iTunes for Windows, GarageBand, Logic Pro X and X-Code. That of iTunes fixes four flaws related to the handling of “maliciously crafted” images or web content, which are all shared with iOS/iPadOS, watchOS, tvOS and macOS Monterey.


About Author

Comments are closed.