With the latest series of updates, Apple is eliminating several critical vulnerabilities in its operating systems that allow remote attackers to smuggle in malicious code. Users should install the updates for iOS, iPadOS, macOS, watchOS and tvOS provided on Friday night as soon as possible.

Targeted attacks on Apple users The security risk does not seem to be purely theoretical: At least three of the vulnerabilities are actively used for attacks on Apple devices, Google security researchers who discovered the bugs and emphasize reported to the manufacturer. A vulnerability in the FontParser and two holes in the kernel can allow malicious code to be executed with kernel rights, Apple admits in a security notice on the updates. According to the manufacturer, there are “reports that there is an exploit for this problem in the wild.”

The vulnerabilities are used for targeted attacks, the Google Security researcher Shane Huntley only with and emphasized at the same time that these are not attacks around the US presidential election. For the in-house web browser Chrome, Google recently released important security updates, and there was talk of actively exploiting the vulnerabilities – the attacks are similar, according to Huntley. Whether the attacks are only aimed at iPhones and how code is smuggled in remains open, as does the order of magnitude.

No updates for iOS 13 and macOS 10. 14 Apple has not only eliminated the three vulnerabilities found by Google in current operating system versions, but also in older versions: In addition to iOS and iPadOS 14. 2 is also iOS 12 .4.9 available for download. A security update for iOS 13 is not available, although the gaps are probably also there – users of iOS 13 should therefore consider installing iOS 13. 2. All devices running iOS 13 can also use iOS 14 to install.

For watchOS, Apple delivers security updates for three different versions: In addition to watchOS 7.1, there is also watchOS 6.2.9 (only for Apple Watch Series 1 and 2) and watchOS 5.3. 9 (for Apple Watch users who still use an iPhone with iOS 12). For Apple TV 4K and HD (4th generation) tvOS 14. 2 is available for download, for the old Apple TV 3 there is also an update available from user reports .

For macOS there is currently only one additional update for macOS 10. 15 7 Catalina, which also fixes the three critical vulnerabilities. Whether security updates for macOS 10. 14 Mojave and 10. 13 High Sierra follow, remains unclear . (lbe)