Apple is nearly ready with major updates for iPhone, iPad, and Macs. However, right before iOS 16, Apple rushed out minor updates for macOS, iOS, and iPadOS. These updates contain patches for security vulnerabilities.
Apple has released macOS 12.5.1, iOS 15.6.1, and iPadOS 15.6.1 for security flaws the company indicates “may have been actively exploited”. Simply put, these are mandatory security updates, and users should install them on qualifying devices as soon as possible.
All three updates fix the same set of security flaws. One of the bugs has been tagged and tracked with CVE ID CVE-2022-32894. This is a kernel-level vulnerability that can allow unauthorized apps “to execute arbitrary code with kernel privileges”.
The other security bug is being tracked with CVE ID CVE-2022-32893. It is a WebKit bug that allows for arbitrary code execution via “maliciously crafted web content.” WebKit is used by Apple in its own apps, such as the Safari browser. Even the company’s Mail app uses Apple's WebViews to render and display content.
The security flaws exist within the underlying code that Apple uses extensively. Hence, it is quite likely that previous editions of macOS, such as macOS Catalina and Big Sur, could also be vulnerable. However, Apple hasn’t released any patches for these older versions, yet. Still, Apple has been sending out regular security updates to these versions. In other words, Apple could send out patches for these versions soon.
The release notes for these updates do not mention any other fixes or features. Nevertheless, users are strongly urged to accept and install these updates as soon as possible.