![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2023\/02\/Apple-software-update-orange-important-600x300-1.png\")
<\/p>\n<\/p>\n
On Monday, July 29, Apple released operating system updates for all of its products. The updates add some minor new features, address some bugs, and more importantly, fix some serious security vulnerabilities.<\/p>\n
Let’s explore everything you should know about what Apple changed in these updates.<\/p>\n
In this article:<\/em><\/p>\n Without further ado, here’s more about each of this week’s updates.<\/a><\/p>\n Available for: <\/strong>All supported Macs capable of running macOS Sonoma<\/p>\n Update information:<\/strong><\/p>\n This update adds support for using up to two external displays when the laptop lid is closed on 14-inch MacBook Pro with M3 chip and also provides important bug fixes and security updates.<\/p>\n<\/li>\n<\/ul>\n Enterprise:<\/strong><\/p>\n The login keychain is correctly created the first time a mobile user logs in.<\/p>\n<\/li>\n Enforcing a specific software update version no longer fails if it’s not the most recent available update.<\/p>\n<\/li>\n The FileVault recovery key is no longer shown after updating when configured by MDM to not show the key.<\/p>\n<\/li>\n Users can successfully be added to the access list for Remote Management in System Settings.<\/p>\n<\/li>\n The allowAssistant restriction correctly prevents the Siri app from being opened.<\/p>\n<\/li>\n<\/ul>\n Security-related fixes and updates:<\/strong> Accounts <\/p>\n APFS <\/p>\n Family Sharing <\/p>\n Messages <\/p>\n OpenSSH <\/p>\n Photos Storage <\/p>\n Siri Note that we previously wrote about the OpenSSH vulnerability, CVE-2024-6387 aka regreSSHion<\/a>, on July 2.<\/p>\n For the full list of security patches included in macOS Sonoma 14.6, have a look here<\/a>. Given the volume of security issues fixed, and the severity of some, we recommend updating sooner rather than later.<\/p>\n You can get this update by going to System Settings<\/strong> > Software Update<\/strong>, where compatible Macs running macOS Mojave or newer will see the Sonoma update appear. If your Mac is running macOS High Sierra or older, look for macOS Sonoma in the App Store and download it from there.<\/p>\n Some users of older, unsupported Macs may have upgraded their Macs using an unofficial method<\/a>. OpenCore Legacy Patcher users should update to the latest OCLP version<\/a> before attempting to update to macOS Sonoma 14.6.<\/a><\/p>\n Available for: <\/strong>All supported Macs currently running macOS Ventura<\/p>\n Security-related fixes and updates:<\/strong> You can get this update by going to System Settings<\/strong> > Software Update<\/strong>.<\/a><\/p>\n Available for: <\/strong>All supported Macs currently running macOS Monterey<\/p>\n Security-related fixes and updates:<\/strong> RTKit For the list of security patches included in Monterey 12.7.6, have a look here<\/a>.<\/p>\n The may perhaps be the final, or second to last, security update for macOS Monterey before the fall release of macOS Sequoia. It’s nice to see Apple patching a known-exploited vulnerability before pulling the plug on support for this OS. On the other hand, we would have preferred to see this patch much sooner\u2014and for updates to patch all known vulnerabilities, rather than cherry-picking.<\/p>\n You can get this update by going to System Preferences<\/strong> > Software Update<\/strong>.<\/a><\/p>\n Available for: <\/strong>macOS Monterey and macOS Ventura<\/p>\n This update addresses at least 9 issues with CVEs assigned: 8 WebKit issues and 1 Safari app issue. Users of either macOS Monterey or Ventura will receive Safari 17.6 as a separate update that can be installed either alongside the macOS updates or after they have been installed.<\/p>\n The details of these fixes can be seen here<\/a>, and the update is available in System Preferences<\/strong> > Software Update<\/strong> on your Mac.<\/a><\/p>\n Available for:\u00a0<\/strong>Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later<\/p>\n Update Information:<\/strong><\/p>\n Apple has listed no new features for this update, making it solely a security update.<\/p>\n Security-related fixes and updates:<\/strong><\/p>\n This update addresses at least 35 issues with CVEs assigned, most of them the same as those addressed in the macOS updates.<\/p>\n The full list of security issues that were addressed can be found here<\/a>. To get your hands on this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings<\/strong> > General<\/strong> > Software Update<\/strong> on your device.<\/a><\/p>\n Available for:<\/strong> Security-related fixes and updates:<\/strong> The details of the security issues that were addressed can be found here<\/a>. To get this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings<\/strong> > General<\/strong> > Software Update<\/strong> on your device.<\/a><\/p>\n Available for: <\/strong>Apple Watch Series 4 and later<\/p>\n Security-related fixes and updates: The full list of security issues that were addressed can be found here<\/a>. To install this update, make sure your iPhone is up to date first, both your phone and watch are connected to the same Wi-Fi network, and the watch has at least a 50% charge. Then open the Watch app on your phone and tap General<\/strong> > Software Update<\/strong>.<\/a><\/p>\n Available for: <\/strong>Apple TV HD and Apple TV 4K (all models)<\/p>\n Security-related fixes and updates:<\/strong> The full list of security issues that were addressed can be found here<\/a>. To install this update, go to Settings > System > Software Updates<\/strong> on your Apple TV.<\/a><\/p>\n Available for: Apple Vision Pro<\/p>\n Security-related fixes and updates:<\/strong> The full list of security issues that were addressed can be found here<\/a>. To install this update, go to Settings > General > Software Update<\/strong>.<\/a><\/p>\n Though the following shouldn’t come as a big surprise, Apple did not release security updates for any of the following operating systems this month:<\/p>\n If you have an older device that won’t be compatible with the upcoming iOS 18, iPadOS 18, or watchOS 11, you should strongly consider purchasing a newer model. The iPad line got updates just a few months ago<\/a>, so now is a great time to buy an iPad Air or iPad Pro. However, it’s best to wait until September before buying a new iPhone or Apple Watch, since new models are coming soon. The latest models of iPad, iPhone, and Apple Watch can run the newest operating systems, and can thus get all available security updates.<\/p>\n Meanwhile, macOS Sonoma still includes a two-year-old version of LibreSSL that appears to remain unpatched<\/a>, and other vulnerabilities in open-source components remain unpatched as well. Nevertheless, we recommend upgrading to macOS Sonoma to address a plethora of other vulnerabilities that Apple has not fixed (and likely never will) for previous macOS versions. If your Mac is not on Apple’s compatibility list for macOS Sonoma<\/a>, you should consider buying a new Mac; learn which Mac model is ideal for you<\/a>. Or, if you like living on the edge, you can upgrade your old Mac to macOS Sonoma without Apple’s support or blessing<\/a>.<\/a><\/p>\n If you haven’t yet upgraded to macOS Sonoma<\/strong>, be sure to first update your critical software. For example, run Intego’s NetUpdate utility and install all available updates, and then check for updates for all other software that you use regularly. Next, check for macOS updates by going to System Settings > General > Software Update.<\/p>\n If you have any trouble getting the macOS update to show up, either press \u2318R at the Software Update screen, or type in the Terminal Macs running macOS Big Sur or Monterey can get these updates (or upgrade to macOS Sonoma) via System Preferences > Software Update. If you have an iMac Pro or a MacBook Pro (2018) that’s still running macOS High Sierra, look for macOS Sonoma in the Mac App Store<\/a> and download it from there.<\/p>\n Note that only the latest macOS version (currently, that’s macOS Sonoma) is ever fully patched<\/strong>; older macOS versions only get a subset of those patches and remain vulnerable. Therefore, staying on the latest macOS version is critically important for maintaining your security and privacy. For more information, see our article, “When does an old Mac become unsafe to use?<\/a>”<\/p>\n When does an old Mac become unsafe to use?<\/a><\/p><\/blockquote>\n\n
macOS Sonoma 14.6<\/h3>\n
\n
\n
\nIn this update, Apple addressed at least 69 vulnerabilities with CVE (Common Vulnerabilities and Exposures) numbers assigned to them. Here are a handful of notable ones:<\/p>\n
\n<\/strong>Impact: A malicious application may be able to access private information
\nDescription: The issue was addressed with improved checks.
\nCVE-2024-40804: IES Red Team of ByteDance<\/p>\n
\n<\/strong>Impact: A malicious application may be able to bypass Privacy preferences
\nDescription: The issue was addressed with improved restriction of data container access.
\nCVE-2024-40783: Csaba Fitzl (@theevilbit) of Kandji<\/p>\n
\n<\/strong>Impact: An app may be able to read sensitive location information
\nDescription: This issue was addressed with improved data protection.
\nCVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji<\/p>\n
\n<\/strong>Impact: An app may be able to view a contact’s phone number in system logs
\nDescription: The issue was addressed with improved checks.
\nCVE-2024-40832: Rodolphe BRUNETTI (@eisw0lf)<\/p>\n
\n<\/strong>Impact: A remote attacker may be able to cause arbitrary code execution
\nDescription: This is a vulnerability in open source code and Apple Software is among the affected projects.
\nCVE-2024-6387<\/p>\n
\n<\/strong>Impact: Photos in the Hidden Photos Album may be viewed without authentication
\nDescription: An authentication issue was addressed with improved state management.
\nCVE-2024-40778: Mateen Alinaghi<\/p>\n
\n<\/strong>Impact: An attacker with physical access may be able to use Siri to access sensitive user data
\nDescription: This issue was addressed by restricting options offered on a locked device.
\nCVE-2024-40818: Bistrit Dahal and Srijan Poudel<\/p><\/blockquote>\nmacOS Ventura 13.6.8<\/h3>\n
\nIn this update, Apple addressed at least 45 vulnerabilities with CVEs assigned. Most of them are the same as those found in the Sonoma update. For the list of security patches included in Ventura 13.6.8, have a look here<\/a>.<\/p>\nmacOS Monterey 12.7.6<\/h3>\n
\nIn this update, Apple addressed at least 41 vulnerabilities with CVEs assigned. Most of them are the same as those found in the Sonoma update. However, one stands about; this update finally addresses an in-the-wild exploited vulnerability that was fixed for Sonoma and Ventura back in May:<\/p>\n
\n<\/strong>Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.<\/span>
\nDescription: A memory corruption issue was addressed with improved validation.
\nCVE-2024-23296<\/p><\/blockquote>\nSafari 17.6 for macOS Ventura and Monterey<\/h3>\n
iOS 17.6 and iPadOS 17.6<\/h3>\n
iOS 16.7.9 and iPadOS 16.7.9<\/h3>\n
\niPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation<\/p>\n
\nApple addressed at least 26 vulnerabilities with CVEs in this update, all similar to those found in the other OS updates.<\/p>\nwatchOS 10.6<\/h3>\n
\n<\/strong>Apple addressed at least 29 vulnerabilities with CVEs in this update.<\/p>\ntvOS 17.6<\/h3>\n
\nApple addressed at least 19 vulnerabilities with CVEs in this update, mostly the same as in the other OS updates.<\/p>\nvisionOS 1.3<\/h3>\n
\nApple addressed at least 19 vulnerabilities with CVEs in this update, mostly the same as in the other OS updates.<\/p>\nWhat Apple didn’t patch<\/h3>\n
\n
How to install Apple security updates<\/h3>\n
For macOS updates<\/strong><\/h4>\n
softwareupdate -l<\/code> (that\u2019s a lowercase L) and press Return\/Enter, then check System Settings > General > Software Update again.<\/p>\n