Security News

Apple releases iOS 14.5, watchOS 7.4, macOS 11.3 and more

Posted on April 29th, 2021 by

Apple this week released updates to all of their operating systems and to the Safari web browser. These updates do contain not only bug fixes and security patches but also a number of new features and functionality, such as [the new feature that tells apps not to track you on iOS](https://www.intego.com/mac-security-blog/how-to-tell-apps-not-to-track-you-in-ios-14-5/). Here is a rundown of some of the more notable features and security related fixes.

iOS 14.5 and iPadOS 14.5

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

The list of new features and functionality is long but here are some of the more notable ones:

  • Ability to unlock your iPhone X and later with Apple Watch Series 3 and later when you attempt to use Face ID while wearing a face mask
  • Support for AirTags to keep track of and find important items like your keys, wallet, backpack and more, privately and securely in the Find My app
  • Emergency contacts can be called by asking Siri
  • Accidents, hazards, or speed checks along your route can be reported by telling Siri on your iPhone or on CarPlay
  • Bug fix: Deleted messages may still appear in Spotlight search
  • And the most important new feature: App Tracking Transparency lets you control which apps are allowed to track your activity across other companies’ apps and websites for ads or sharing with data brokers

You may have seen the newspaper ads that Facebook took out, attempting to claim that Apple’s new App Tracking Transparency will hurt small businesses. Facebook is less worried about small businesses, but more worried about their potential revenue loss. Privacy-conscious users will certainly welcome the feature, since it gives users more control over who can collect their data. This new feature requires apps to ask for your permission to access your random advertising identifier, which is used to track your activity across the web and apps.

The full list of new features and improvements can be found here. Let’s have a look at the security fixes that are part of this update, 50 in total.

AppleMobileFileIntegrity
Impact: A malicious application may be able to bypass Privacy preferences
Description: An issue in code signature validation was addressed with improved checks.

CFNetwork
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: A memory initialization issue was addressed with improved memory handling.

FaceTime
Impact: Muting a CallKit call while ringing may not result in mute being enabled
Description: A logic issue was addressed with improved state management.

Password Manager
Impact: A user’s password may be visible on screen
Description: An issue obscuring passwords in screenshots was addressed with improved logic.

Shortcuts
Impact: An application may allow shortcuts to access restricted files
Description: The issue was addressed with improved permissions logic.

The full list of security issues addressed can be found here.

You can also download these updates over the air by going to Settings > General > Software Update on your iPhone, iPad, or iPod touch.

iOS 12 & 13

No updates were made available for iOS 12 or 13. It’s worth pointing this out, because of severity of the issues fixed in iOS 14 so far, it’s not a good idea to keep using these older versions of iOS.

tvOS 14.5

Available for: the Apple TV HD and Apple TV 4K.

I was happy to learn the newly announced color balance calibration feature was coming to older Apple TV hardware in addition to the recently-announced Apple TV 4K. This allows you to use an iPhone with Face ID and iOS 14.5 to measure your television’s color balance. The Apple TV compensates to produce more accurate colors onscreen.

Support for the latest PlayStation DualSense and Xbox Wireless controllers was also added.

35 security issues were addressed. Most of them the same as those addressed in iOS and iPadOS 14.5.

The full list of security issues addressed can be found here.

To update your Apple TV, go to Settings > System > Update Software. It’s best to turn on automatic updates on the Apple TV so you don’t have to worry.

watchOS 7.4

Available for: Apple Watch Series 3 and later.

This update includes new features, improvements, and bug fixes, including:

  • Ability to unlock your iPhone X and later with Apple Watch when you attempt to use Face ID while wearing a face mask
  • Option to classify Bluetooth device type in Settings for correct identification of headphones for audio notifications
  • Ability to stream audio and video content from Apple Fitness+ workouts to AirPlay 2-enabled TVs and devices
  • Support for the ECG app on Apple Watch Series 4 or later in Australia and Vietnam
  • Support for irregular heart rhythm notifications in Australia and Vietnam

A total of 38 security issues were addressed. Most of them the same as those addressed in iOS 14.5, iPadOS 14.5 and tvOS 14.5.

The full list of security issues addressed can be found here.

To install this update, make sure your iPhone is up to date first, both your phone and watch are connected to the same Wi-Fi network and the watch has at least a 50% charge. Then open the Watch app on your phone and tap General > Software Update.

watchOS 6

As with older versions of iOS, watchOS 6 has not benefited from this round of security updates.

macOS Big Sur 11.3

Many of the new features and enhancements in the iOS and iPadOS updates are also available in the latest version of macOS, including support for AirTags and new emoji. New features specific to the Mac are:

  • Option to change an iPhone and iPad app’s window size
  • Support for displaying the highest resolution version of an iPhone or iPad app in full screen
  • Keyboard support for iPhone and iPad games designed to use device tilt
  • Keyboard, mouse, and trackpad support for iPhone and iPad games that support game controllers
  • Hibernation support for Macs with an M1 chip
  • About this Mac displays Apple warranty status and AppleCare+ coverage in the Service tab when signed in with Apple ID
  • Support for purchasing and enrolling in AppleCare+ for eligible Mac computers from About This Mac

Note that all the features mentioned above about iPhone and iPad apps only apply to the new M1 Macs, which can run these apps.

There are 59 security fixes, many of which are the same as those found in iOS and iPadOS, but here are a few specific to the Mac:

APFS
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state management.

Archive Utility
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.

DiskArbitration
Impact: A malicious application may be able to modify protected parts of the file system
Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.

Installer
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file metadata.

System Preferences
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.

The full list of security issues addressed can be found here.

To install this update, visit the Software Update pane in System Preferences (Apple menu > System Preferences > Software Update).

Security Update 2021-002 Catalina

The latest security update for Catalina includes 32 security fixes and are the same as those found in the latest Big Sur update.

The full list of security issues addressed can be found here.

To get this update, visit the Software Update pane in System Preferences (Apple menu > System Preferences > Software Update).

This security update can also be downloaded directly from Apple’s website here.

Security Update 2021-003 Mojave

The latest security update for Mojave includes 30 security fixes and are the same as those found in the latest Big Sur update.

The full list of security issues addressed can be found here.

To get this update, visit the Software Update pane in System Preferences (Apple menu > System Preferences > Software Update).

This security update can also be downloaded directly from Apple’s website here.

Safari 14.1

Available for: macOS Catalina and macOS Mojave.

This is a small update for Mojave and Catalina users that fixes two security vulnerabilities.

To get this update, visit the Software Update pane in System Preferences (Apple menu > System Preferences > Software Update). For Big Sur users the latest version of Safari is built into the 11.3 update.

Whether you’re using iOS, iPadOS or macOS, always back up your data prior to installing any updates.

 

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

We discussed these security updates and more in episode 185 of the Intego Mac Podcast.

You can also subscribe to our e-mail newsletter and keep an eye here on Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Facebook, Instagram, Twitter, and YouTube.

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. He conducts independent malware protection tests, and also writes about privacy and security related matters on his blog Security Spread. Follow him on Twitter at @SecuritySpread. View all posts by Jay Vrijenhoek →