Enlarge (credit: Apple)

Apple has released security updates for iOS, iPadOS, macOS, and watchOS today to fix actively exploited zero-day security flaws that can be used to install malware via a "maliciously crafted image" or attachment. The iOS 16.6.1, iPadOS 16.6.1, macOS 13.5.2, and watchOS 9.6.2 updates patch the flaws across all of Apple's platforms. As of this writing, no updates have been released for older versions like iOS 15 or macOS 12.

The CVE-2023-41064 and CVE-2023-41061 flaws were reported by the Citizen Lab at the Munk School of Global Affairs & Public Policy at the University of Toronto. Also dubbed "BLASTPASS," Citizen Lab says that the bugs are serious because they can be exploited just by loading an image or attachment, which happens regularly in Safari, Messages, WhatsApp, and other first- and third-party apps. These bugs are also called "zero-click" or "clickless" vulnerabilities.

Citizen Lab also said that the BLASTPASS bug was "being used to deliver NSO Group’s Pegasus mercenary spyware ," the latest in a long line of similar exploits that have been used to infect fully patched iOS and Android devices.

Enlarge / Macs running macOS Ventura. (credit: Apple)

Apple's iOS 16, iPadOS 16, and macOS 13 operating systems are all due to be replaced with new versions in the next two or three months, but some bugs can't wait for a whole new release. The company has released iOS/iPadOS 16.6 and macOS 13.5 to fix several "actively exploited" security bugs, plus a handful of other security fixes for problems that have been reported to Apple but aren't being exploited in the wild yet. The release notes also mention unspecified "bug fixes" for each OS.

The new updates don't add anything by way of new features—at least, there aren't any mentioned in the release notes. This will likely be the case for most iOS 16 and macOS 13 Ventura updates going forward, as Apple shifts its focus to newer operating systems. The iOS/iPadOS 17 and macOS 14 Sonoma updates should be available in September or October, if Apple sticks to its historical release schedule. The public betas were released earlier this month.

Several of the security fixes in these updates were originally part of a Rapid Response security update for iOS 16.5.1 and macOS 13.4.1. The original version of that update was pulled post-release after it broke a few major websites on devices that installed it, but a working version with the same fixes was released soon after.

Enlarge (credit: Aurich Lawson)

A year ago, we compiled a model list of Macs spanning over two decades , complete with their launch dates, discontinuation dates, and all the available information about the macOS updates each model received. We were trying to answer two questions: How long can Mac owners reasonably expect to receive software updates when they buy a new computer? And were Intel Macs being dropped more aggressively now that the Apple Silicon transition was in full swing?

The answer to the second question was a tentative "yes," and now that we know the official support list for macOS Sonoma, the trendline is clear.

Macs introduced between 2009 and 2015 could expect to receive seven or eight years of macOS updates—that is, new major versions with new features, like Ventura or Sonoma—plus another two years of security-only updates that fix vulnerabilities and keep Safari up to date. Macs released in 2016 and 2017 are only receiving about six years' worth of macOS updates, plus another two years of security updates. That's about a two-year drop, compared to most Macs released between 2009 and 2013.

Enlarge (credit: Apple)

Apple has released new minor updates for iOS 16, macOS 13 Ventura, and most of its other actively supported operating systems that fix a pair of serious security bugs that the company says "may have been actively exploited." You should install the iOS and iPadOS 16.5.1 , macOS 13.4.1 , and watchOS 9.5.2 updates at your earliest convenience, if you haven't already.

One of the vulnerabilities, CVE-2023-32434, is a kernel-level flaw that can allow apps to "execute arbitrary code with kernel privileges." The other, a WebKit bug labeled CVE-2023-32439, can allow the execution of arbitrary code after processing "maliciously crafted web content."

The iOS and iPadOS 16.5.1 updates also fix a non-security bug "that prevents charging with the Lightning to USB 3 Camera Adapter."

Enlarge (credit: Apple)

CUPERTINO, Calif.—As expected, Apple has used the stage at its WWDC 2022 keynote to reveal the features and changes coming to macOS in the next major software update for the platform, macOS 13 Ventura.

Ventura's headlining feature is a new multitasking interface called Stage Manager. It's being billed as a way to fight window clutter on a busy desktop—enter Stage Manager mode, and one of your windows floats to the center of the screen, pushing your other windows into a compressed navigation column on the left of the screen. Click a different app window on the left, and it will fly to the center of the screen, knocking the app you were using before into the navigation column.

The Stage Manager feature in macOS Ventura. (credit: Apple)

Spotlight also gets some handy quality-of-life updates, adding the ability to Quick Look search results directly from the Spotlight window, and the ability to run Shortcuts from within Spotlight. Safari picks up the ability to share groups of tabs with other users, letting all users add and remove tabs. The browser is also adding a FIDO-compliant security technology called PassKeys, which aim to replace passwords with cryptographically generated keys that sync between devices using iCloud Keychain. Sites that support PassKeys can be opened using TouchID or FaceID.

Enlarge / The image Apple shared alongside the WWDC 2022 announcement. (credit: Apple )

June 6 marks the beginning of Apple's annual developer conference, WWDC. The week-long event will kick off with a keynote at 10 am PST on Monday loaded with announcements about new software features across Apple's various platforms.

For the first time since before the COVID-19 pandemic started, there will be a significant in-person audience for WWDC, too. And there will be countless sessions during the week on programming APIs, Swift features, and so on. But for most people around the world, new operating systems and hardware announcements are the main draw—and we'll see a few of those during the keynote on Monday.

It's important to note that WWDC isn't typically focused on product announcements for consumers. It's a place where Apple introduces new technologies and tools to developers.