Apple has released iOS 18.1.1, iPadOS 18.1.1, and macOS Sequoia 15.1.1, all to tackle vulnerabilities that have been “actively exploited” on some devices.
Official release notes for the iOS and iPadOS updates say that the vulnerabilities existed in JavaScript as well as WebKit, the open-source web browsing engine that underlies Safari. Malicious web content could be used to allow “arbitrary code execution” in the case of JavaScript, Apple says, and cross-site scripting attacks in the case of WebKit.
The only real-world exploits have been on Intel Macs however, which Apple began phasing out in 2020. As of fall 2024, every available Mac model relies on one of Apple’s M-series chips. iPads have always featured one of Apple’s A- or M-series chips, meanwhile, and the last iPhone to use a third-party processor was 2009’s iPhone 3GS.
Discovery of the vulnerabilities is credited to Clément Lecigne and Benoît Sevens, both from Google’s Threat Analysis Group. That unit tackles a variety of security problems, including government-sponsored attacks and spyware. Apple isn’t identifying any parties responsible for targeting the recent JavaScript and WebKit issues.
Typically Apple only seeds minor “x.x.x” point releases if serious bugs or vulnerabilities demand a quick solution. iOS 18.1, iPadOS 18.1, and macOS 15.1 were mostly geared toward introducing Apple Intelligence, which was first announced at WWDC 2024 in June. The generative AI tech is still in its early stages, in fact — it will take several upcoming point releases to add things like ChatGPT integration, and a more advanced version of Siri with support for controlling in-app features. Those are expected to roll out over the course of the next several months, the first being iOS 18.2 in December.