Apple Has Issued a Security Patch in Response to an ‘Extremely Sophisticated Attack’
Breaking news: Apple has released another security update, and you should install it right away. While it seems like there’s always a new update for us Apple users to install on our devices, this one is a bit more exciting than usual, targeting what the company has described as “an extremely sophisticated attack.”
Apple’s latest security patch
On Tuesday, March 11, Apple dropped a series of updates for its devices. That includes iOS 18.3.2 for iPhones; iPadOS 18.3.2 for iPads, macOS Sequoia 15.3.2 for Macs, Safari 18.3.1, tvOS 18.3.1, and visionOS 2.3.2 for Apple Vision Pro.
With the exception of tvOS, which doesn’t contain release notes at this time, all of these updates appear to patch the same singular vulnerability: “Impact: Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.)”
It appears an out-of-bounds write issue (which happens when a program writes data that does not belong to it) allowed bad actors to attack users running versions of iOS older than 17.2. Apple’s language implies that these are capable actors with specific targets, and while Apple doesn’t say, it’s possible that involves high-profile personalities such as politicians or journalists. The company says the issue was blocked in iOS 17.2, but since there are users who were attacked running earlier versions of iOS, it seems this update was necessary regardless.
As with most security updates, we don’t have all the details here. Companies like Apple keep some of the story to themselves, so bad actors don’t know exactly what the companies know. Even if you’re running iOS 18.3.1, you’ll want to install the latest security patch on all of your eligible Apple devices right now to protect yourself.
Security patches vs. software updates
Some platforms separate security patches and software updates as two distinct processes. Not Apple. Usually, the company couples security patches and software updates together, which creates some interesting situations. You can have a feature-filled software update that is also full of security patches, a feature-filled software update with few (or no) security patches, or a software update with few (or no) features, and any number of security patches.
It’s this latter category that this post will focus on exclusively. See, every now and then, Apple will discover a critical security vulnerability on its platforms. This isn’t necessarily Apple’s fault: Software inherently contains security vulnerabilities, and the goal is to discover these before bad actors do. However, whenever these security flaws do come to light, it’s imperative to push them out to users as quick as possible—especially if that flaw has already been used by bad actors.
These are the times when you see software updates on your iPhone or Mac that look like a weirdly long string of numbers—iOS 18.3.2, for example. iOS 18 is the big update, with all the keynote features; 0.3 is the minor update, that comes with some new features; and while it’s possible a 0.0.2 update could come with new features, it usually denotes security patches and bug fixes.
There is an exception to this rule: Apple’s Rapid Security Responses. These are strictly security patches—not feature updates—and are deployed when it’s absolutely critical to patch a security flaw on customers’ devices. You’ll know when one of these hits your device, since it not only says “Security Response,” but also includes an (a) to denote this isn’t a standard update.
This isn’t a Security Response, though: This is an update, that just so happens to be a security patch. I know—not confusing at all.
How to install a security patch on your Apple device
Again, security patches like 18.3.2 are just software updates. As such, you can install these patches just as you would any other Apple update. On most Apple devices, you can head to Settings (System Settings for macOS) > General > Software Update, then follow the on-screen instructions to download and install the latest update.
