

For iOS, iPadOS, and tvOS, the update is version 15.3. Users and administrators running Macs should update to Monterey 12.2, Big Sur 11.6.3 and Catalina 2022-001. Apple also fixed CVE-2022-22590 in WebKit and CVE-2022-22584 in ColorSync.
The tech giant does not adhere to a set patch schedule in the way that Microsoft or Google do, but still posts several major firmware updates for its mobile and desktop devices every year.

For macOS Monterey and iOS 15.3, Apple's latest releases, the flaw is one of three code execution bugs addressed. The zero-day bug is part of a larger set of updates Apple has posted to address various security flaws in its platforms. Apple did not provide details on how widespread the exploitation is at the moment. While Apple did not provide details as to how the vulnerability was being exploited, in the context of iOS such zero-day code execution flaws are often used to unlock or jailbreak phones.

Administrators should note that an exploit of CVE-2022-22587 would require the attacker to already be running local code on the device, either through a forced installation or through social engineering, such as tricking the target with a fake application. Credit for the discovery was shared between an anonymous researcher, Meysam Firouzi from the Mercedes-Benz Innovation Lab, and Siddharth Aeri. The vulnerability allows an already-installed application to gain root code execution privileges on a vulnerable device.

The bug is already under active exploitation in the wild, according to Apple's advisory published Wednesday.

In granting Apple's motion to dismiss, Judge Davila left the plaintiffs the opportunity to refine their allegations and refile their claim by the end of the month.

An attorney for the plaintiffs did not immediately respond to a request for comment.

First and foremost on the patch list is CVE-2022-22587, a zero-day vulnerability in the IOBuffer component for iOS and pre-Catalina versions of macOS.

And even following the disclosure of Meltdown and Spectre, Judge Simon observed, people continued to buy devices with the affected processor "without any alleged security breaches as a result of the defects." The Oregon judge, Davila said, found it relevant that there was no allegation that these supposedly defective Intel processors had ever corrupted, lost data, or led to a computer crash.
They can leak your passwords and other sensitive data, which is why software companies are working on security patches.

"In so holding, Judge Simon distinguished the alleged security vulnerabilities from the processors’ central function, which is to process and be the 'brains' of the devices in which they are placed."
"Most notably and relevant here, the District of Oregon – in reviewing a CLRA omissions claim based on similar allegations against Intel processors regarding the Spectre and Meltdown defects – held that security vulnerabilities are not central to a processor’s function," Judge Davila said in his order.
