2 min Security

Apple releases latest security patches for older devices

Apple releases latest security patches for older devices

Last week’s security updates are now available for older iPhones, iPads, and Macs.

This week Apple released iOS and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 to patch two security vulnerabilities in older devices that are still receiving software updates but aren’t capable of running the newest operating systems.

The move follows last week’s release of iOS and iPadOS 16.4.1 and macOS Ventura 13.3.1. In both cases, the new OS patches two actively exploited security vulnerabilities and fixes other small bugs, according to reporting in Ars Technica.

The report adds that Mac owners should also install last week’s Safari 16.4.1 update. That is because Apple’s browser platform is still updated separately from the rest of the OS on Macs. This latest Safari update plugs one of the security holes (CVE-2023-28205, a WebKit arbitrary code execution vulnerability). Additionally, the macOS update patches the other (CVE-2023-28206, a graphics-related bug that can allow arbitrary code execution with kernel privileges).

The gap in release dates could pose a risk

Users are able to install the Mac updates on any Mac that’s running Big Sur or Monterey, even if the hardware is capable of upgrading to Ventura, according to Ars Technica. However, Apple is only providing iOS and iPadOS 15 updates to older devices that can’t run version 16. These older devices include models like the iPhone 6S and 7, the original iPhone SE, the last iPod Touch, and the iPad Air 2 that Apple sold for several years in the mid-2010s, the article says.

“Apple has always provided at least a couple of years of security updates to older macOS versions, and in recent years the company has been extending the same courtesy to older iPhones and iPads”, Ars Technica explains. However, releasing the security patches for older devices a full week after the original release “isn’t ideal”. Theoretically, such a delay “could leave additional time for attackers to target those specific OS versions”.

Still, the article notes, “at least all currently supported operating systems can now be secured”.