Apple Releases Patches for 84 Vulnerabilities Across iOS, macOS, watchOS, tvOS, and visionOS
What Happened — Apple’s May 11, 2024 update shipped fixes for 84 separate security flaws spanning iOS, iPadOS, macOS (versions 14 & 15), tvOS, watchOS, and the newly‑released visionOS. The patches address issues ranging from memory‑corruption bugs to privilege‑escalation flaws.
Why It Matters for TPRM —
- A large, heterogeneous set of vulnerabilities could be weaponised against any organisation that relies on Apple devices.
- Unpatched Apple endpoints remain a viable attack surface for credential‑stealing, ransomware, or espionage campaigns.
- Supply‑chain risk: many third‑party apps and services run on these platforms; a flaw in the OS can cascade to downstream vendors.
Who Is Affected — Enterprises across all sectors that deploy Apple hardware or support iOS/macOS‑based applications (e.g., finance, healthcare, education, media, and technology).
Recommended Actions —
- Verify that all Apple devices are running the latest OS versions (iOS 18+, iPadOS 18+, macOS 14/15, tvOS, watchOS, visionOS).
- Prioritise remediation of devices still on legacy releases that are no longer receiving patches.
- Review endpoint‑security controls (EDR, MDM) to ensure they enforce timely updates.
- Re‑assess any third‑party SaaS solutions that rely on Apple OS components for potential exposure.
Technical Notes — The update covers 84 CVEs, many of which are rated “Critical” or “High” by Apple’s security advisory. Vulnerabilities include memory corruption (CVE‑2024‑XXXX), kernel privilege escalation (CVE‑2024‑YYYY), and WebKit remote code execution (CVE‑2024‑ZZZZ). No public exploits have been reported at the time of publishing, but threat actors routinely monitor Apple advisories for zero‑day opportunities.
Source: SANS Internet Storm Center