Update 8/22/2022: Apple has yet to respond to multiple requests about older operating systems (pre-Monterey) being affected by the “kernel” vulnerability noted below. They did release an update to fix the “webkit” vulnerability in Safari for Big Sur and Catalina, but no word yet on whether those operating systems are vulnerable elsewhere. Given this, I am currently recommending that clients with compatible hardware upgrade to the latest version of Monterey. Make sure you have a backup **before** you begin the upgrade process!!! Feel free to contact me via email (kirk at lansharks.net) if you have questions or need assistance.
If you’re reading this, it is likely that you’ve asked my opinion about the security updates Apple released yesterday and are making big headlines. My first thought is: Sit tight until we know more.
As of today, it appears there were two “vulnerabilities” Apple patched in these software updates for the Mac. Both are confirmed to be specific to the Monterey (Mac OS 12.5.x) operating system. Apple has also released a software update for the Safari browser for machines running Big Sur and Catalina operating systems.
According to Apple the vulnerability could have been exploited by “processing web content”, meaning accessing a web page which contained malicious code. Therefore it is important to visit websites you trust.
If your machine is already running Monterey (choose “About This Mac” from the Apple menu), I recommend installing the latest updates (after running a backup). Click the “Software Update…” button in the About window to begin the process or check System Preferences > Software Update.
Note: On machines running older operating systems, Apple hides the updates for *your* operating system a bit. Avoid the “Upgrade Now” button to upgrade to the newer operating system and instead click the “More Info…” button under the “Another update is available” section:
I will reiterate: Don’t run software updates until you’ve run a backup! Also note that upgrading from an older version of the operating system on your Mac may be a can of worms and should be done with caution and consideration. Third-party software and utilities may need to be updated as well, some requiring paid upgrades. Contact me if you need assistance.
It isn’t clear (yet) if the second “kernel” vulnerability on Macs affects older operating systems. We’re waiting for answers from Apple. Stay tuned to this page and/or watch Ars Technica’s article here: https://arstechnica.com/gadgets/2022/08/apple-releases-macos-12-5-1-and-ios-15-6-1-for-actively-exploited-vulnerabilities/
I recommend updating iPhones and iPads. Start by tapping “Settings > General > Software Update”.
Lastly, remember that these types of exploits are typically targeted towards those in the public eye, politicians and those who have things to hide. For now, be mindful of which websites you visit (stay on the straight and narrow, don’t wander too far off the normal path of public websites) and be careful what you click on in email and websites. If you don’t recognize something, don’t click!