It’s been quite the week for Apple, and it’s only Tuesday. The company announced a new iMac with the M4 chip; debuted a new Mac mini with M4 and M4 Pro; and, with new operating system updates, launched Apple Intelligence on compatible Macs, iPhones, and iPads. But iOS 18.1 and macOS 15.1 weren’t only about Apple Intelligence: In addition to other non-AI features, these updates also include fixes for dozens of security vulnerabilities across devices: 27 of them on iPhone and iPad, and 50 of them on the Mac.
Apple doesn’t include security details with its general release notes for software updates, so these fixes tend to fly under the radar. However, the company does post security notes online shortly after seeding the updates to users. We can now see what was included with both iOS 18.1 and iPadOS 18.1, as well as macOS 15.1. While there are a good number of security patches included with these updates (particularly macOS 15.1), the good news is none of these vulnerabilities are zero-days (security flaws discovered before a fix is ready), and none of them are known to have active exploits in the wild. That means, at this time, users are not at major risk if they are running updates that predate iOS 18.1 and macOS 15.1.
Still, you should update as soon as possible—now that details on these vulnerabilities are out there, it’s only a matter of time before bad actors figure out how to exploit them.
What flaws did Apple patch?
On macOS, a number of vulnerabilities stood out to me. Apps could potentially access information about your contacts, read sensitive location information via Find My, and leak sensitive kernel state, for example. If you downloaded a malicious image, it could lead to denial-of-service, an attack which overloads your Mac to make it inaccessible to you. If an attacker had physical access to your Mac, they might be able to bypass the Login Window when a software update was taking place. Safari’s Private Browsing mode could also leak browsing history.
Over on iOS and iPadOS, a bad actor with physical access to your device could view sensitive information, even when it was locked. That includes contact photos, which they could access via a flaw with Siri. A malicious app could run arbitrary shortcuts without your consent, or leak sensitive kernel state. And, as with macOS, Private Browsing mode on Safari could leak browsing history.
For the full list of patches, head to Apple’s release notes for iOS 18.1 and iPadOS 18.1, or macOS 15.1.
These patches aren’t only for Apple’s latest software updates, either. In addition, Apple released security updates for iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, and macOS Ventura 13.7.1. These updates are for users who don’t want to update their devices to Apple’s latest OS, as well as for users of older devices who can’t upgrade. The updates feature many of the same security patches as the latest OS releases, so even if you’re running an older version of iOS, iPadOS, and macOS, you’ll be protected.
It’s also not all about iPhone, iPad, and Mac, as Apple released updates for watchOS 11.1, tvOS 18.1, and visionOS 2.1. If you have any of these devices, update them as well.
Install the update to protect your iPhone, iPad, or Mac from these security vulnerabilities
Again, Apple is not aware of any of these flaws being actively exploited at this time, but it’s still good to patch them before a bad actor discovers how to take advantage.
To update, open Settings (iPhone or iPad) or System Settings (Mac), then head to General > Software Update. Allow this page to load, then follow the on-screen instructions to download and install the update.
