![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/09\/Apple-software-security-update-macOS-Sequoia-red-600x300-1.jpg\")
<\/p>\n<\/p>\n
Along with any brand-new operating system from Apple comes a variety of new security and privacy features and improvements. Inevitably, these updates also bundle many vulnerability patches that Apple will never backport to earlier OS versions.<\/p>\n
Let’s briefly explore what’s new in that regard for macOS Sequoia, iOS 18, and the other operating systems Apple released on Monday.<\/p>\n
And just as importantly, let’s also explore what Apple notably didn’t\u00a0<\/em>patch in this week’s major new OS updates.<\/p>\n In this article:<\/p>\n We’ve previously shared our top 5 list of security and privacy features in macOS Sequoia, iOS 18, and iPadOS 18<\/a>.<\/p>\n One big change is that Apple now has a Passwords app<\/a>\u2014an improvement over saved passwords being buried deep within Settings. Another cross-OS improvement that Apple hasn’t implemented yet is Private Cloud Compute, a key component of Apple Intelligence; it ensures that off-device AI processing maintains users’ privacy.<\/p>\n Most of the other changes are iOS and iPadOS specific. One is locking and hiding apps. Apple has also added the ability to manually select specific contacts to share with an app.<\/a><\/p>\n Apple patched a slew of security vulnerabilities<\/a> in its latest operating systems; following is an overview:<\/p>\n “CVEs” is short for Common Vulnerabilities and Exposures; more specifically, I’m using the term to refer to the numbers assigned to individual vulnerabilities that Apple patched. Apple sometimes withholds revealing some CVEs until a later date.<\/p>\n “Additional recognitions” refers to when Apple only thanks researchers for their assistance, but doesn’t assign CVE numbers. Because Apple lists operating system components along with a list of researchers, it can be difficult to tell which researchers collaborated or not, and how many issues were reported per component.<\/p>\n Apple did not disclose any “exploited” vulnerabilities (i.e. ones previously used in real-world attacks) in this patch cycle.<\/a><\/p>\n Apple also issued some patches for some older operating systems as well as Xcode:<\/p>\n Note that there are significant differences between the number of vulnerabilities Apple patched for the current versus previous OS versions. For reasons that Apple has never fully explained, only the current OS versions are fully patched<\/a>; older OSes get a subset of applicable patches.<\/p>\n Apple did not release a watchOS 10 security update. This leaves the Apple Watch Series 4, Series 5, and SE (1st gen)\u2014all of which can’t run watchOS 11\u2014without any new security updates.<\/a><\/p>\n Apple continues to leave open-source software components in macOS Sequoia critically outdated and highly vulnerable<\/a>. For example, Sequoia still includes LibreSSL 3.3.6, which is more than 2.5 years old and contains at least four known vulnerabilities<\/a>, including two rated “9.8 CRITICAL” on the CVSS scale; the latest stable release is 3.9.2, released on May 12, 2024.<\/p>\n Additionally, Apple has once again neglected to patch a Safari bug that the company has known about for more than 5.5 years. The bug makes it easy to spread misinformation via fake news headlines<\/a> that appears to come from credible sources.<\/p>\n We’ve reached out to Apple about both of these issues. Apple has not responded to our requests for comment.<\/p>\n Meanwhile, macOS Sequoia 15.0 has introduced a new network-related bug<\/a> that has impacted many users. Due to this Apple bug, some apps may have difficulty accessing the Internet; this seems to be especially common for VPN<\/a> users. Apple is aware of the bug and will likely release an update soon to address it.<\/a><\/p>\n You can also subscribe to our e-mail newsletter<\/strong><\/a> and keep an eye here on The Mac Security Blog<\/strong><\/a> for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Apple\u2019s new operating systems, including macOS Sequoia and iOS 18, include a number of security improvements. But Apple continues to neglect to\u00a0patch some major vulnerabilities as well.<\/p>\n","protected":false},"author":14,"featured_media":101868,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[4687,4684,4741,4742,4740,4686,4643,115,201,143,170],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\n\t\n\t\n\t\n\n
New security and privacy features<\/h3>\n
Vulnerabilities patched in the new operating systems<\/h3>\n
\n
Vulnerabilities patched in other software<\/h3>\n
\n
What Apple has (once again) left unpatched<\/h3>\n
How can I learn more?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\")
<\/a>Each week on the Intego Mac Podcast<\/strong><\/a>, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast<\/strong><\/a> to make sure you don\u2019t miss any episodes.<\/p>\n![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/X-Twitter-logo-icon-225.gif\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/Facebook-logo-icon-225.gif\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/YouTube-logo-icon-225.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/Pinterest-logo-icon-225.png\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/LinkedIn-logo-icon-225.gif\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2024\/03\/Instagram-logo-icon-225.gif\" "\\"Follow"){kind=icon}
<\/a>\u00a0![\"Follow](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png\" "\\"Follow")
<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"