News

iOS 15.7.5, macOS 11.7.6 and macOS 12.6.5 Now Available with Security Improvements

Apple today released new iOS 15.7.5macOS Big Sur 11.7.6, and macOS Monterey 12.6.5 updates. The new versions bring security improvements to users of older iPhones, iPads, and Macs that can’t be updated to the latest versions of their operating systems (iOS 16, iPadOS 16, and macOS Ventura).

‌‌iOS 15.7.5 can be downloaded and installed over the air on iPhones and iPads by going to Settings -> General -> Software Update. The macOS Big Sur and macOS Monterey updates can be downloaded on the Mac by going to System Preferences -> General -> Software Update.

The security fixes are as follows:

iOS 15.7.5 and iPadOS 15.7.5

Released April 10, 2023

IOSurfaceAccelerator

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-28206: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

WebKit

Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

WebKit Bugzilla: 254797
CVE-2023-28205: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

macOS Big Sur 11.7.6

Released April 10, 2023

IOSurfaceAccelerator

Available for: macOS Big Sur

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-28206: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

macOS Monterey 12.6.5

Released April 10, 2023

IOSurfaceAccelerator

Available for: macOS Monterey

Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2023-28206: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

Google’s Threat Analysis Group and Amnesty International’s Security Lab are credited with finding and reporting the issues to Apple.

Chris Hauk

Chris is a Senior Editor at Mactrast. He lives somewhere in the deep Southern part of America, and yes, he has to pump in both sunshine and the Internet.