Skip to content
Thoughtful, detailed coverage of everything Apple for 36 years
and the TidBITS Content Network for Apple professionals
33 comments

Security Updates for macOS 15.3.1, watchOS 11.3.1, and visionOS 2.3.1

Alongside the releases of iOS and iPadOS to address a USB Restricted Mode vulnerability (see “ iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 Block USB Restricted Mode Attack,” 10 February 2025), Apple also pushed out macOS 15.3.1 Sequoia, macOS 14.7.4 Sonoma, macOS 13.7.4 Ventura, watchOS 11.3.1, and visionOS 2.3.1. None of these releases have security notes listing CVE entries, suggesting they address a serious vulnerability Apple discovered internally. Release notes are currently available only for the three macOS updates, and they say only, “This update provides important security fixes and is recommended for all users.”

Security notes

All I can imagine is that Apple’s work on the USB Restricted Mode vulnerability in iOS and iPadOS uncovered another vulnerability in the core code shared by all of Apple’s operating systems. Without release notes that at least hint at the severity of this vulnerability, the unusual manner in which these were released is the only basis for recommending an immediate update. There’s no need to drop everything, but install these updates sooner rather than later.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 36 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Security Updates for macOS 15.3.1, watchOS 11.3.1, and visionOS 2.3.1

Notable Replies

  1. There’s another possibility. These updates may include the encryption back door demanded by the UK government.

    Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post. The British government’s undisclosed order, issued last month, requires blanket capability to view fully encrypted material, not merely assistance in cracking a specific account, and has no known precedent in major democracies…

    …Following the passing of the revised act, the new demand was reportedly issued to Apple in January 2025. Apple now has the right to make an appeal to a secret technical panel, and a judge. Significantly, however, the law does not allow Apple to delay complying with the order while the appeal is ongoing.

    https://www.macintouch.com/post/45121/britain-demands-apple-back-door/#more-45121

    And I’ve just gone and installed it before this occurred to me.

  2. Would the British back door need to be installed on individual devices? If it is intended to access data stored in the cloud, it seems to me, keeping in mind I am not a data center expert or a cryptologist, that the back door would be implemented at server farms.

  3. If Apple has the keys to decrypt cloud storage, then they don’t need to do anything to comply with the law. And it’s my understanding that Apple already does this in order to comply with valid court orders/warrants.

    But the UK wants access to anything saved with end-to-end encryption - content to which nobody (not even Apple) can access without an authorized device.

    Most people (and I) believe that the only kind of “back door” that Apple could implement to accomplish that would be to disable end-to-end encryption altogether. Some pundits have suggested that it may be disabled for UK users, but as others have pointed out, the UK’s is demanding access to all iPhones worldwide.

    If Apple is dumb enough to even consider complying with this order, then there will be no privacy on any Apple device ever again and we should all quickly install third-party encryption software before it gets banned from the App Store.

  4. I would assume it would have to be, at the very least for those folks who have already switched on Advanced Data Protection since Apple has no key to any of that encrypted data on their end.

    That said, I cannot imagine Apple would do something like that. Complying with that order in that way potentially breaks encryption for everybody and thus violates their on-device privacy core tenant. If they cannot somehow ‘reason’ with the UK on this, I would expect to see them rather give up iCloud encryption for UK users entirely before weakening it for everybody else.

  5. Furthermore, when has Apple (or really anyone) EVER turned a “FIX” (or anything else) around this fast?

  6. If you prefer to keep Apple Intelligence off, make sure to check that switch after this update. Apparently, Apple is once again flicking it back on with this “security update”.
    System Settings > Apple Intelligence & Siri
    The new welcome screen also lacks the “Set Up Later” option, effectively forcing install.

    Leads me to doubt how convinced users are with Apple’s AI efforts if Apple needs to force and/or trick them into turning the service on.

  7. I had that thought as I was installing 15.3.1 too. … However, although the UK law prohibits Apple from saying they added a backdoor for the UK, my understanding is that Apple would violate US law (and, presumably, EU law) if they were to add a backdoor and then falsely state that Advanced Data Protection for iCloud is end-to-end encrypted such that nobody else can access the data.

    I have a website monitoring service setup to monitor the following pages:

    • How to turn on Advanced Data Protection for iCloud (“If you choose to enable Advanced Data Protection, the majority of your iCloud data — including iCloud Backup, Photos, Notes, and more — is protected using end-to-end encryption. No one else can access your end-to-end encrypted data, not even Apple, and this data remains secure even in the case of a data breach in the cloud.”)
    • iCloud data security overview (“If you choose to enable Advanced Data Protection, your trusted devices retain sole access to the encryption keys for the majority of your iCloud data, thereby protecting it using end-to-end encryption. … End-to-end encrypted data can be decrypted only on your trusted devices where you’re signed in to your Apple Account. No one else can access your end-to-end encrypted data — not even Apple — and this data remains secure even in the case of a data breach in the cloud.”)
    • Advanced Data Protection for iCloud (“When a user turns on Advanced Data Protection, their trusted devices retain sole access to the encryption keys for the majority of their iCloud data, thereby protecting it with end-to-end encryption . For users who turn on Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises from 14 to 23 and includes iCloud Backup, Photos, Notes, and more.”)

    My assumption is that Apple would have to update those pages before adding a backdoor for Advanced Data Protection for iCloud for users in the United States and, presumably, the European Union and certain other countries.

    That said, the UK order is yet another reason to use 1Password, Bitwarden, Strongbox, or KeePassium (or some other reputable password manager) instead of Apple’s Passwords app.

  8. It was specifically reported on Macs. This is the Mac thread.

  9. To be fair, Apple has released security or bug fix updates within days of a previous update on several occasions. It doesn’t happen often, not because it isn’t possible, but because the situation has to warrant it (the bug is serious, the security vulnerability is a bad zero-day, etc).

  10. I thought my parenthetical remarks were being fair, and my entire remark being fair to imply it was unlikely the updates included the hack that the British want.

    And in bonus fairness, neither of the updates enabled “Apple Intelligence” here, but that is now being reported by MacWorld and MacInTouch.

    ;~}

  11. Fair enough. :slight_smile: I just wanted to make sure Apple wasn’t being criticized for not releasing updates quickly when it was warranted. If anything, I suspect these updates are at least indirectly related to the USB Restricted Mode vulnerability fixed in iOS 18.3.1, and while it can be annoying to have yet another update to install, it’s evidence that Apple is serious about releasing important updates quickly.

  12. My impression is that neither large corporations nor large bureaucracies tend to turn on a dime. Although members of each of those two groups seem to expect the other group to do so. Apple, in this case, has acted in a commendably timely fashion.

    I suspect Apple lawyers will be up late for weeks/months over the UK situation. ;~}

  13. Well now isn’t that special…

    Installed macOS 15.3.1 in the wee hours this morning and discovered an anomaly in Finder

    When Date Added column is displayed “Aug 16, 1970” is indicated for many, if not all items

    In one folder containing 1817 folders, nested within the Documents directory, everything “modified” on or before Jan 3, 2025 show as “added” Aug 16, 1950. Later dates mostly correspond with their “Date Modified”

    In /Documents ALL top level entries show “added” Aug 16, 1950 regardless of Date Modified (ranging from 2019-2025)

    In Applications all third party apps display “Today at 01:16” (viz., time of installing 15.3.1) whereas Apple apps are indicated as Feb 4, 2025 (date I first fired up my mac Mini 2024)

    It didn’t mess with items on locally connected USB HDD folders, nor on my Synology NAS

    This condition persisted after Restarting

    How ‘bout them Apples !!!

    Anybody else seeing this?

  14. I am not. But it sounds like a corrupted Spotlight database for that volume. Rather than repeat it all here, I’ll point you to a recent thread that discussed various ways of rebuilding the Spotlight database.

    The TLDR summary is: use the Terminal command mdutil -E /

  15. Thanks Jeff for the response

    … only had a few minutes to tinker with it: scanned thru the “recent thread” (Trouble ejecting external drives) link and used one of Apple’s prescribed procedures to reindex Spotlight (viz., System Settings > Spotlight > Search Privacy… > (add, then remove, Macintosh HD)

    After confirming Spotlight was, indeed, “indexing” I let it cook for seven+ hours

    … alas, the Date Added anomaly persists in the previously sampled directories

    I also passed it along to Apple via Feedback Assistant

    When I get more time, I’ll give some of the other ‘Spotlight’ methods a try (e.g., the Terminal command you recommended.

    OK, soooo, TDLR = ???
    :slight_smile:

  16. I updated both of my Macs to OS 15.3.1, and so far, all is well. I do not store anything in the cloud (nor anywhere else outside of my Macs/external devices), so do not have to worry about that UK “edict”. Also, I did turn off AI (thanks Simon for the reminder!),

    Am pleased that Apple typically acts quickly with Security Updates. And for OS 15.3, so pleased they fixed the replicator, so that bootable backups are alive and well again, at least via SuperDuper!.

  17. Not seeing this either. But I use EasyFind, instead of Spotlight, for my searches. Excellent product, by the way!

    BTW Jeff, did you just update your Mac from OS 15.3 to OS 15.3.1, or did you do a clean installation? I just did an update on both of my Macs (M1 Mac Mini, and M3 MacBook Air).

  18. I checked objects (files and folders) in ~/Documents on my MacStudio. The earliest date for them is April 18, 2022, the date I migrated my system to my current Mac. Other dates are scattered over the length of my Mac Ownership.

    As I recall, the ‘Date Added’ field was not visible until recent years, and then only on files downloaded from the Internet.So, I suspect that the field for your files has been unfilled, and a default date was added to the system update.

  19. Yeah, I simply updated to 15.3.1 and the anomaly appeared thereafter. Before the update the frequently visited folders I surveyed correctly showed dates added

    I’m an EasyFind fan as well - in fact I use many DEVONtechnologies apps and “services” on a regular basis - they rock!

  20. Dunno Alan, it’s a mystery to me. I visit the folder with “1817 folders” pretty regularly where Date Added is displayed and ‘used’ regularly - I think I’d have noticed it before, albeit, I usually sort it in descending order when looking for most recent additions

    And, while I seldom display Date Added in the other folders I surveyed (e.g., Applications, Documents) it seems curious so many items were affected (read: afflicted)

    The only-est thing I can think of that may be at play is I “Migrated” all my stuff (documents, apps, etc) to the Mac Mini 2024 from their previous home on the iMac 2017 which contained way older stuff ‘migrated’ from earlier Macs which acquired “Dates Created” in 2018 when I setup the iMac 2017

  21. Seems possibly strange, although what you said about Migrating old “items” could be a possible culprit.

    And yeah, EasyFind rocks! I actually also use another excellent free app called AppCleaner, to remove an app I no longer need. But it (and similarly other ones) do not always find all items associated with an app that is being removed. That is when I “kick in” EasyFind, to locate those other items. AppCleaner and Easy Find, a winning (and free!) combination!

  22. Like minds! I use AppCleaner together with EasyFind for the same purpose! Furthermore, when a app has an Uninstaller.app I’ll run that, then let EasyFind uncover the rest of the cruft left behind… Like the old saying goes ‘mind the bytes and the MB’s will take care of themselves’ (adaptation of “Mind the pennies and the Pounds…”) - every litter bit helps

  23. Excellent, right on the money reply! Thanks for that. Nice to have users like you around.

    Just out of curiosity, is running an app’s Uninstaller app “better” than using AppCleaner? I actually have never done that.

    And your sayings are so, so accurate! To that I would add that I keep my Macs “lean, mean, and clean”. Have always done that, and will always do it. It has successfully led to me never having space issues on my SSDs/HDs. The other thing is that I use all 3rd party applications (not a single one from Apple) on my Macs (like AppCleaner and EasyFind), so I make a concerted effort to keep them up to date.

    Hope you get your issue resolved. Wish I could offer assistance. It does seem strange that it “just” happened with OS 15.3.1. And it seems you did the “move” to your M4 Mac Mini (thinking of getting one, although my M1 Mac Mini is rock solid) while OS 15.3 was out. Correct? Also wonder if a clean installation of OS 15.3.1 would help. Seems though you might have some “conflicts” with some of your “older” items. But that’s just a guess on my part.

  24. It is going to depend greatly on the app in question.

    Ordinarily, I would expect an app’s own uninstaller to do a better job, but “better” is actually a bit subjective here. For example:

    • Should the uninstaller remove your saved application preferences or not? If you think you might reinstall in the future, then you probably want to keep them. If you don’t plan on ever looking back, then you probably want to get rid of them.

    • Sometimes apps (especially open source ones) install prerequisite shared libraries that might be used by other apps as well. Should the uninstaller remove these as well? Probably only if nobody else is using it, but can you be sure?

      This is a common issue in the Linux world, which is why Linux packages typically include a long list of dependencies, so the system package manager can auto-install dependent packages and let you know if any other packages are using them after uninstallation.

      Mac package-management systems like MacPorts, Homebrew and Fink do this, but I am unaware of any commercial apps for macOS (or Windows, for that matter) that do.

    • How about associated cloud storage? Should an uninstaller delete the files or keep them? The “right” answer is going to depend greatly on the nature of those files. You probably want to keep documents. Maybe not other stuff.

      But if you have the app installed on multiple computers, you may want to leave all the cloud files in-place, since your other installations might still be using them.

    • What about media files? If you uninstall a content-creation app that ships with a lot of stock images/sounds/videos, do you want to delete them or not? They will be taking up a lot of space, but maybe you want to keep them for use with other apps.

    A well-written uninstaller should present you with some choices, asking what parts you want to keep or remove. But I don’t see a lot of that these days. Instead, the uninstallers that come with apps seem to work with the assumption that will later want to reinstall, so they leave behind files that will make it simpler (e.g. preferences, license key data, media files).

    But if you are never going to look back, then you will want to be rid of all that stuff, since it will just be wasting storage.

    Do tools like AppCleaner give you a choice? Or do they automatically take a maximal approach, blowing away everything the app originally installed?

  25. Thanks for the explanation. Apps like AppCleaner and EasyFind do first show a list of items which can be removed/deleted. For applications I want to remove, typically they are no longer useful, and thus AppCleaner is fine. Seems to do the job (along with, at times, “help” from EasyFind).

  26. My original thinking was that app developers should know where they stash all their stuff and thus remove it during an uninstall. However, from experience, that’s not always the case. David C. Shamino’s response is excellent in this regard offering many insights to consider.

    Yes, OS 15.3 came preinstalled on the 2024 Mac mini
    p.s. I seem to recollect discussions on the Mac Power User’s podcast suggesting users of earlier M series Macs may not notice much better performance in the M4 series in many cases… kinda depended partly on what kinda of computing power they needed for the apps they’re running.

    That said I’m loving the 2024 M4 so far - blazing fast - but then I’m comparing it to my 2017 iMac from which I upgraded (and still using, primarily as a media server via iTunes, as well as for Reaper (my preferred DAW) which is still only compatible with macOS 14

    I use a mix of Apple and 3rd party apps, but only a handful of Apple apps, like you preferring 3rd party apps in many cases.

  27. And after a reboot it reverted to the wrong format.

  28. For me, the date (no matter which one) is showing as Feb 23, 2025 (example, using today). And that is the way it is "formatted’ in Settings. Seems fine to me.


  29. I found this thread (again) because I just got the above message and I was hoping for a clue on how to dismiss it without triggering anything now or later. In general, I prefer to have a choice about when to install any kind of software. In this case, I can see two choices; is there a third?
  30. Yes, but it’s deceitfully well hidden. DO NOT CLICK EITHER BUTTON.

    Instead, click on the notification bubble somewhere outside of the button areas. That should launch the updates section in Settings. Then quit Settings. That will make sure nothing gets installed against your wishes (see Howard’s story above for how he got tricked into an undesired update).

    The notification can (and likely will) come up again the future. If/when that happens, follow the same advice to make sure nothing gets installed against your wishes.

  31. I often use what might be considered a fourth method— click & hold on a non-button area then sling the banner off the righthand edge of the screen, thus skipping the need to quit the System Settings app.

    Nevertheless the notification will return the next day or following a sleep/wake cycle.

Join the discussion in the TidBITS Discourse forum

Participants

Avatar for ace Avatar for Simon Avatar for aforkosh Avatar for neil1 Avatar for Jeff_Swart Avatar for akent35 Avatar for Will_M Avatar for fischej Avatar for Shamino Avatar for david_blanchard Avatar for Will_B Avatar for Halfsmoke Avatar for Scott5 Avatar for MacDrew2000 Avatar for thedigitalplumber