The Mac Security Blog

Software & Apps

Apple releases macOS 13.2, iOS 16.3, surprise iOS 12.5.7; neglects still-sold Apple Watch Series 3

Posted on by

This week, Apple released updates for its operating systems. These included iOS and iPadOS 16.3 as well as macOS Ventura 13.2, introducing new features as well as bug and security fixes.

In this article, we’ll take a look at some highlights of the new features, bug fixes, and security patches included in each updates.

We’ll also take a look at Apple’s discrepancy between a highly unexpected patch for ten-year-old iPhones and iPads, while continuing to neglect to patch a still-sold Apple Watch model.

In this article:

macOS Ventura 13.2

Available for:
All supported Macs currently running macOS Ventura

New features:

How to protect your Apple ID account with Security Keys on iPhone, iPad, or Mac

Enterprise:

  • MDM can now restrict and install Rapid Security Responses.

Improvements and bug fixes:

  • Fixes an issue in Freeform where some drawing strokes created with Apple Pencil or your finger may not appear on shared boards
  • Fixes an issue where VoiceOver may stop offering audio feedback while you are typing
  • The profiles renew command can now succeed for an enrollment profile when CheckInURL is changed.
  • Resolves an issue where macOS Recovery would become unresponsive after selecting a language.
  • Resolves an issue where System Settings would prompt to update Apple ID settings when no Apple ID is signed in.
  • Webloc files now automatically open in the default web browser.

Security-related fixes and updates:
At least 26 vulnerabilities were addressed in this update. Here are a few of the more notable ones:

AppleMobileFileIntegrity
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by enabling hardened runtime.

 

DiskArbitration
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.

 

Mail Drafts
Impact: The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account
Description: A logic issue was addressed with improved state management.

 

Screen Time
Impact: An app may be able to access information about a user’s contacts
Description: A privacy issue was addressed with improved private data redaction for log entries.

 

Wi-Fi
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.

For the full list of security patches included in Ventura 13.2, have a look here.

You can get this update by going to System Preferences > Software Update, where compatible Macs running macOS Mojave or newer will see the Monterey update appear. If your Mac is running macOS High Sierra or older, look for macOS Ventura in the App Store and download it from there.

macOS Monterey 12.6.3

Available for:
All supported Macs currently running macOS Monterey

Enterprise, improvements and bug fixes:

  • Resolves an issue where using MDM to install a macOS 12 Monterey update may install macOS 13 Ventura.
  • The softwareupdate command line tool no longer lists macOS 13 Ventura as an available update when it is deferred by MDM.

Security-related fixes and updates:
At least 18 vulnerabilities were addressed. All of them the same as those addressed in the macOS Ventura update.

For the full list of security patches included in Monterey 12.6.3, have a look here.
You can get this update by going to System Preferences > Software Update.

macOS Big Sur 11.7.3

Available for:
All supported Macs currently running macOS Monterey

Security-related fixes and updates:
At least 8 vulnerabilities were addressed in this update, all of them the same as those addressed in the macOS Monterey and Ventura updates.

For the full list of security patches included in Big Sur 11.7.3, have a look here.

You can get this update by going to System Preferences > Software Update.

Safari 16.3

Available for:
macOS Big Sur and macOS Monterey.

This update addresses 3 WebKit issues, the same as those addressed in the macOS updates.

The short list of fixes can be seen here, and the update is available in System Preferences > Software Update on your Mac. It will pop up as an available update once macOS 12.6.3 or 11.7.3 has been installed.

iOS 16.3 and iPadOS 16.3

Available for:
iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later

New features & functionality:

  • This update introduces a new Unity wallpaper to honor Black history and culture in celebration of Black History Month (iPhone only) and introduces Security Keys for Apple ID.
  • Support for HomePod (2nd generation)

Enterprise:

  • Network extensions that provide content filtering will properly filter web browsing.
  • Users can send MMS messages when Always On VPN is configured.

Improvements and bug fixes:

  • Emergency SOS calls now require holding the side button with the up or down volume button and then releasing in order to prevent inadvertent emergency calls
  • Fixes an issue in Freeform where some drawing strokes created with Apple Pencil or your finger may not appear on shared boards
  • Addresses an issue where the wallpaper may appear black on the Lock Screen
  • Fixes an issue where horizontal lines may temporarily appear while waking up iPhone 14 Pro Max
  • Fixes an issue where the Home Lock Screen widget does not accurately display Home app status
  • Addresses an issue where Siri may not respond properly to music requests
  • Resolves issues where Siri requests in CarPlay may not be understood correctly
  • Exchange Mail notifications are delivered more reliably on sleeping devices.
  • Mail attachments work more reliably when copied from one message and pasted to another.
  • Resolves an issue where VPN profiles failed to update.
  • Improves reliability when using Always On VPN and a Global Proxy.

Security-related fixes and updates:
At least 13 vulnerabilities were addressed in this update, all of them the same as those addressed in the macOS updates.

The full list of security issues that were addressed can be found here. To get your hands on this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

iOS 15.7.3 and iPadOS 15.7.3

Available for:
iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)

Security-related fixes and updates:
Just 5 vulnerabilities were addressed in this update, all of them the same as those covered in the previously mentioned OS updates.

The full list of security issues that were addressed can be found here. To get this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

iOS 12.5.7 — a rather big surprise

Available for:
iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Security-related fixes and updates:
Surprisingly, Apple actually released another iOS 12 security update. Prior to this week, the last iOS 12 update was released in August, before iOS 16 came out. Most people who track Apple security updates had assumed, due to the lack of intervening updates, that Apple was no longer supporting iOS 12 in any way.

And yet, here we are again. iOS 12.5.7 received a single security fix, specifically to address the actively exploited vulnerability that was fixed in iOS 16.2 back in mid-December.

WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
Description: A type confusion issue was addressed with improved state handling.

While it might seem nice that Apple is still releasing the rare, extremely late security updates for iOS 12 to address actively exploited vulnerabilities, it’s deeply concerning from another perspective. Apple is giving users of devices running iOS 12 a false sense of security by seeming to still provide security updates, while leaving nearly all vulnerabilities unpatched—including very serious ones that aren’t known to have been actively exploited. The average user has no concept that only solo, token security updates are being provided while leaving their device at great risk, for example by leaving them exposed to numerous WebKit vulnerabilities while browsing the Web. Third-party browser on iOS 12 aren’t a solution, because Apple forced all browsers to use its WebKit page rendering engine.

The page mentioning the security fix can be found here. To get this latest update, connect your device to your Mac and follow the update prompts. You can also download these updates over the air by going to Settings > General > Software Update on your device.

watchOS 9.3

Available for:
Apple Watch Series 4 and later

New features:

  • Includes the new Unity Mosaic watch face to honor Black history and culture in celebration of Black History Month.

Security-related fixes and updates:
At least 12 vulnerabilities were addressed in this update, all of them the same as those covered in the previously mentioned OS updates. The full list can be found here.

To install this update, make sure your iPhone is up to date first, both your phone and watch are connected to the same Wi-Fi network, and the watch has at least a 50% charge. Then open the Watch app on your phone and tap General > Software Update.

watchOS 8 — still no security updates

Meanwhile, there’s still no word on when (or if) Apple Watch Series 3—which Apple still sells refurbished—will get watchOS 8 security updates. Apple has, for unknown reasons, chosen not to release watchOS 9 for this model, putting the device in an awkward state of limbo.

The most recent security update for watchOS 8 was in mid-August, about a month before watchOS 9 came out. That means it has been more than five months since the Apple Watch Series 3 has gotten any security updates.

As we’ve mentioned previously, simultaneous updates for watchOS versions would not be unprecedented. As recently as late 2020, Apple released simultaneous updates for two or three watchOS versions at a time, mainly to support older Apple Watch models.

It’s hard to understand how Apple can justify such seemingly negligent behavior regarding any product that it’s still selling.

Intego has asked Apple multiple times since October for an update regarding watchOS 8 security for the Apple Watch Series 3, but Apple has neglected to respond to our inquiries.

tvOS 16.3

Available for:
Apple TV 4K (all generations), and Apple TV HD (aka 4th generation)

For some reason, Apple delayed releasing a tvOS update until a day after all the others were released.

Security-related fixes and updates:
At least 11 vulnerabilities were addressed in this update, each of which was included in the previously mentioned OS updates. You can find the full list here.

The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.

Key takeaways

If you get nothing else out of this article, here are some key points:

  • Apple released a bunch of updates this week; check for and install updates on all your Apple devices!
  • iOS 12 still isn’t safe to use online, in spite of receiving an unexpected update this week.
  • At this point, macOS Ventura, iOS 16, and iPadOS 16 are the only safe operating systems to use on Macs, iPhones, and iPads, respectively.
    • If you have a Mac for which Apple doesn’t officially support Ventura, you may be able to upgrade it anyway.
    • If you have an older iPhone or iPad that isn’t compatible with 16.x, buying a new model is the safest option.
  • Don’t buy an Apple Watch Series 3. Apple has not been providing security updates for it for more than five months now.

It is advisable to update to the latest operating systems as soon as you reasonably can. Even if you aren’t interested in new features, it’s always important to get the benefits of new security fixes as quickly as possible to help you stay protected.

If you have a Mac running Monterey or Big Sur that’s compatible with Ventura, you may wish to update to the new Monterey or Big Sur version, and then as soon as practical, upgrade to macOS Ventura. Here’s why. Generally speaking, it is best to update to the latest Apple OS versions quickly for security reasons. For maximum security, one cannot rely on any minimal security patches Apple may release for previous OS versions.

Apple’s Poor Patching Policies Potentially Make Users’ Security and Privacy Precarious

Whenever you’re preparing to update iOS, iPadOS, or macOS, always back up your data before installing any updates. This gives you a restore point if something does not go as planned.

See also our related article on checking your macOS backups:

How to Verify Your Backups are Working Properly

.

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on X/Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. View all posts by Jay Vrijenhoek →