Tech
You really really really need to update your Mac. Like really
While everyone was talking about the arrival of Apple Intelligence in the iOS 18.1 and macOS 15.1 betas, Apple also delivered a series of updates for its existing operating systems. And if you own a Mac, you should absolutely install it right away.
The updates don’t include any notable new features, but they do fix a lot of security vulnerabilities. In all, the updates include more than 100 security patches for macOS Sonoma (14.6), Ventura (13.6.8), and Monterey (12.7.6). When you install them, there will be 54 updates for Sonoma, 36 for Ventura, and 32 for Monterey. That’s an incredible amount of patches, especially considering the last round of updates only arrived in mid-May.
There are far too many to list here, but some of the highlights that jump out as particularly concerning:
Family Sharing
- Available for: macOS Sonoma
- Impact: An app may be able to read sensitive location information
- Description: This issue was addressed with improved data protection.
- CVE-2024-40795: Csaba Fitzl (@theevilbit) of Kandji
Messages
- Available for: macOS Sonoma
- Impact: An app may be able to view a contact’s phone number in system logs
- Description: The issue was addressed with improved checks.
- CVE-2024-40832: Rodolphe BRUNETTI (@eisw0lf)
Photos Storage
- Available for: macOS Sonoma
- Impact: Photos in the Hidden Photos Album may be viewed without authentication
- Description: An authentication issue was addressed with improved state management.
- CVE-2024-40778: Mateen Alinaghi
Sandbox
- Available for: macOS Sonoma
- Impact: An app may be able to bypass Privacy preferences
- Description: This issue was addressed through improved state management.
- CVE-2024-40824: Wojciech Regula of SecuRing (wojciechregula.blog), and Zhongquan Li (@Guluisacat) from Dawn Security Lab of JingDong
Shortcuts
- Available for: macOS Sonoma/Ventura/Monterey
- Impact: A shortcut may be able to use sensitive data with certain actions without prompting the user
- Description: A logic issue was addressed with improved checks.
- CVE-2024-40833-36/40807: an anonymous researcher
Time Zone
- Available for: macOS Ventura/Monterey
- Impact: An attacker may be able to read information belonging to another user
- Description: A logic issue was addressed with improved state management.
- CVE-2024-23261: Matthew Loewen
WebKit
- Available for: macOS Sonoma
- Impact: Private Browsing tabs may be accessed without authentication
- Description: This issue was addressed through improved state management.
- WebKit Bugzilla: 275272
CVE-2024-40794: Matthew Butler
Apple also released iOS 17.6 and iPadOS 17.6 with 30 patches, watchOS 10.6 with 24, tvOS 17.6 with 16, and visionOS 1.3 with 15 fixes. To update your Mac, head over to System Settings (or System Preferences), then General and Software Update. On other devices, find the Settings app, then look for the Software Update tab.