This major security update, released on October 29, included all Apple operating systems (macOS, iOS, iPadOS, watchOS, tvOS, visionOS) as well as Apple services such as Safari and iTunes.
Apple noted that keeping software up to date is one of the most important things users can do to maintain Apple product security.
Some macOS patches fixed critical vulnerabilities. One such vulnerability could allow an attacker to access information about your contacts, read sensitive location information via Apple’s Find My service and leak sensitive kernel state.
In another one, a malicious image could lead todenial-of-service (DoS) attacks.
A third could lead an attacker to bypass the Login Window when a software update occurs if they get physical access to your Mac. Safari's Private Browsing mode could also leak browsing history.
On iOS and iPadOS, someone with physical access to your device might be able to view private information, even if it’s locked. This includes contact photos, which could be exposed due to a vulnerability involving Siri.
The visionOS 2.1 update incorporates solutions for over 25 identified security flaws, some of which could allow malicious actors to execute arbitrary code, access sensitive information, or even crash the system.
Several CVE identifiers in the update are attributed to researchers from Trend Micro’s Zero Day Initiative, CrowdStrike’s Counter Adversary Operations, Alibaba Group, JD.com’s Dawn Security Lab and many other independent security researchers.