Apple today released new iOS 15.7.5, macOS Big Sur 11.7.6, and macOS Monterey 12.6.5 updates. The new versions bring security improvements to users of older iPhones, iPads, and Macs that can’t be updated to the latest versions of their operating systems (iOS 16, iPadOS 16, and macOS Ventura).
iOS 15.7.5 can be downloaded and installed over the air on iPhones and iPads by going to Settings -> General -> Software Update. The macOS Big Sur and macOS Monterey updates can be downloaded on the Mac by going to System Preferences -> General -> Software Update.
The security fixes are as follows:
iOS 15.7.5 and iPadOS 15.7.5
Released April 10, 2023
IOSurfaceAccelerator
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2023-28206: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.
WebKit Bugzilla: 254797
CVE-2023-28205: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
macOS Big Sur 11.7.6
Released April 10, 2023
IOSurfaceAccelerator
Available for: macOS Big Sur
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2023-28206: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
macOS Monterey 12.6.5
Released April 10, 2023
IOSurfaceAccelerator
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2023-28206: Clément Lecigne of Google’s Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab
Google’s Threat Analysis Group and Amnesty International’s Security Lab are credited with finding and reporting the issues to Apple.