Security updates for Apple’s core operating systems aim to plug two vulnerabilities actively being exploited in the wild. In the first vulnerability, processing a maliciously crafted image could lead to arbitrary code execution; it affects macOS, iOS, and iPadOS. In the second, the Wallet app could allow arbitrary code execution when processing a maliciously crafted attachment; it affects iOS, iPadOS, and watchOS. Apple doesn’t list any other changes in these updates.
I recommend updating using Software Update as soon as is convenient—it’s dangerous to ignore vulnerabilities that could be weaponized through simple and easily automated email and text messages.
It’s too bad Apple didn’t address these vulnerabilities with Rapid Security Response updates that are so much faster to install and easily reverted. The need for a watchOS update may be why, given that Rapid Security Responses are available only for macOS, iOS, and iPadOS (see “What Are Rapid Security Responses and Why Are They Important?” 2 May 2023).
Apple hasn’t indicated whether these image and Wallet vulnerabilities also affect older versions of its operating systems, but I wouldn’t be surprised to see additional updates.