Apple releases macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1 to patch two security issues

Apple has released the macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1 for all users. The updates patch two security vulnerabilities in the operating systems.

What's new in macOS Ventura 13.0.1, iOS 16.1.1 and iPadOS 16.1.1

The Cupertino company has credited three security researchers of the Google Project Zero team for discovering the vulnerabilities. According to the release notes published on Apple's website, both issues are related to libxml2, which is a library that is used for parsing XML and HTML files. So these vulnerabilities affect other operating systems as well, including Linux distros.

The first issue, which has been identified as CVE-2022-40303, could allow a remote user attackers to terminate an app or execute arbitrary code. Apple says it fixed the issue by addressing an integer overflow through improved input validation.

The other issue, filed as CVE-2022-40304, could have a similar impact, i.e. an attack can cause an unexpected app termination or remote code execution. The vulnerability was mitigated by improving some checks. You can find the original reports by the security experts here: 1 and 2.

Usually, when such vulnerabilities have been exploited by threat actors, Apple mentions it in the security update documentation to educate users about potential risks. These two security issues, however, don't have that warning, which means that no known attacks have been reported. That doesn't mean you should skip the update,

macOS 13.0.1 is the first update that has rolled out since macOS Ventura was released a few weeks ago. The firmware build number is 22A400. If you haven't updated to the new operating system yet, you may want to read our previous articles to learn about the new features in macOS 13. For those who are still finding their way around the new System Settings, you can check for updates manually by going to the General > Software Update page.

The iOS 16.1.1 update is available for the iPhone 8 and later, while the iPadOS 16.1.1 update is available for all iPad Pro models, iPad Air 3rd generation and later, iPad 5th generation and later, and the iPad Mini 5th generation and later.

Apple is yet to patch the vulnerabilities for devices that are running on iOS 15, iPadOS 15, macOS Big Sur and Monterey. This is not unusual, the company releases security updates for legacy devices a few days after patching the current versions of the operating systems. You can keep an eye on Apple's security updates page to see if an update is available for your iPhone, iPad or Mac. You will also find the release notes for iOS 16.1.1, iPados 16.1.1, along with the change log for macOS 13.0.1 on the same page.

I noticed a minor bug in the Settings app's Software Update section, it showed that the macOS 13.0.1 update is about 606 MB in size. But, the actual download size that was reported by the updater was more than double of that, at around 1.46 GB. I haven't come across any other issues in macOS Ventura, and I've been using it since the first Dev build was released.

That said, Apple seems to have improved the installation process for the updates, it's noticeably faster now. My MacBook Air was ready to use in a few minutes after a restart to complete the process.  That's quite impressive, as it usually took 10-20 minutes even for minor updates to be installed on macOS Monterey.

Have you updated your device?

Advertisement