Chapter in this post:
It's rare for Apple to respond so quickly, but the current spate of unexpected updates shows that there was apparently a security hole that was being actively exploited. Security patches for iPhone, iPad and Mac have been available since Thursday evening.
iOS and iPadOS 15.3.1 are available for iPhone and iPad models, while macOS version 12.2.1 from Monterey is available for the update for MacBook Pro/Air, iMac, Mac Pro and Mac Mini.
The main reason for the quick update is probably the closing of a security gap in WebKit, which could apparently be exploited to bring malicious code to the corresponding device. Because Safari and some others Browser (including Chrome and Firefox) rely on the WebKit engine, malware can even get onto the locked iOS and iPadOS systems.
Unlike many other vulnerabilities found in Apple systems in the past, this exploit does not even require the attacker to be on the device. Even an appropriately prepared website that the visitor calls up can be enough to install malware on the device.
In view of this, Apple also recommends that the update be carried out quickly, as the vulnerability is actively being exploited to attack Macs, iPhones and iPads.
Anyone who is still on iOS 14 and has not yet wanted to update their device should now make the leap to iOS 15 at the latest, because the old operating system no longer receives updates from Apple. Accordingly, the vulnerability also remains in WebKit and the devices would be permanently vulnerable.
There are a few other things that are set to be fixed with the latest system updates. The focus here is mainly on two bugs that have annoyed many users so far:
Both problems were apparently related to an existing Bluetooth connection, but hopefully they will be fixed with the new macOS 12.2.1.
Apple even goes into point 1 in the release notes:
macOS 12.2.1 includes important security updates and fixes an issue in Mac computers with Intel processors where the battery might drain in sleep mode when connected to Bluetooth peripherals.
There is also an update to watchOS 8.4.2 for the Apple Watch, in which Apple itself speaks of security updates and bug fixes. However, nothing has been said by Apple about the exact adjustments and possible weaknesses that have been rooted out here. The Apple Watch rarely goes wrong after an update, so I'd rather do that update as well.
When it comes to pure feature updates, I usually hold off on updating for a few days to see if there are any problems for other users. In this case, however, we are dealing with a vulnerability that can be exploited very easily by attackers - even remotely via a simple website. Therefore, I strongly recommend updating iPhone, iPad and Mac in a timely manner.
However, there is no reason not to make a backup beforehand. In any case, a defective operating system that cannot be restored with a backup is worse than an open security gap for another short time. So: make a backup and then perform updates.
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.