Security News

Apple releases iOS 14, watchOS 7 and more with security updates

Posted on September 17th, 2020 by

This week Apple released updates to most of its operating systems and the macOS version of the Safari browser. Here’s a brief rundown of the security fixes included with each update as well as some of the non-security changes.

iOS 14.0 and iPadOS 14.0

Available for: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later
Apple says of these updates:

iOS 14 updates the core experience on iPhone, includes significant app updates, and other new features.

iPadOS 14 introduces redesigned apps, new Apple Pencil features, and other improvements.

A few non-security highlights:

  • (iOS) Redesigned widgets can be placed right on the Home Screen
  • (iOS) The App Library automatically organizes all of your apps into categories
  • (iOS & iPadOS) Incoming phone and FaceTime calls appear as a banner at the top of the screen
  • (iPadOS) App sidebars have a new look that deliver more of the app’s functionality in the main window
  • (iPadOS) Write in any text field with Apple Pencil and your writing automatically converts to typed text

At least 11 security issues were addressed in iOS and iPadOS. Here are some notable ones:

Icons
Impact: A malicious application may be able to identify what other applications a user has installed.
Description: The issue was addressed with improved handling of icon caches.

Keyboard
Impact: A malicious application may be able to leak sensitive user information.
Description: A logic issue was addressed with improved state management.

Phone
Impact: The screen lock may not engage after the specified time period.
Description: This issue was addressed with improved checks.

Siri
Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen.
Description: A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management.

WebKit
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack.
Description: An input validation issue was addressed with improved input validation.

The full list of security issues addressed can be found here.

tvOS 14.0

Available for: the Apple TV HD and Apple TV 4K
New features include:

  • Quick game resume
  • Picture-in-picture
  • Screensaver selection
  • 4K playback support from YouTube and AirPlay

At least four security issues were addressed. All of them the same as those addressed in iOS and iPadOS 14.0, making this a small update security-wise.

The full list of security issues addressed can be found here. The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.

watchOS 7.0

Available for: Apple Watch Series 3 and later, this is the first watchOS that drops support for the Series 1 and 2.
New features include:

  • Family Setup
  • More customizable watch faces
  • Watch face sharing
  • Sleep app
  • And more

At least four security issues were addressed, and they are the same as those addressed in tvOS 14.0 and also included iOS 14.0 and iPadOS 14.0.

The full list of security issues addressed can be found here.

Safari 14.0

The latest version of Safari is available for macOS Catalina (10.15) and macOS Mojave (10.14). Note that macOS High Sierra (10.13) is not supported, because macOS Big Sur (11) is coming this fall. Apple typically only releases new major Safari versions for the current and two previous editions of macOS, so High Sierra will no longer be supported soon.

Safari 14 introduces new features, even faster performance, and improved security. At least four security issues related to the WebKit page rendering engine were addressed, the details of which you can read here.
The new features and improvements include:

  • New tab bar design shows more tabs on screen and displays favicons by default
  • Customizable start page allows you to set a background image and add new sections
  • Privacy Report shows cross-site trackers that are being blocked by Intelligent Tracking Prevention
  • Removes support for Adobe Flash for improved security

As regular readers of this blog know, fake Flash Player updates and pop-ups are frequent malware infection vectors, and in the past Flash Player has been known to have a number of security vulnerabilities itself. But the biggest reason for dropping Flash Player is that its developer, Adobe, is officially discontinuing Flash in 2020. Hopefully users will be aware of this and become less likely to fall for fake Flash Player updaters.

Related:

Adobe Flash Player is dead, yet 10% of Macs are infected with fake Flash malware

Safari 14.0 can be downloaded System Preferences > Software Update for Mojave and Catalina users.

Whether you’re using iOS, iPadOS or macOS, always back up your data prior to installing any updates. This gives you a restore point in case something does not go as planned.

See also our related article on checking your macOS backups:

How to Verify Your Backups are Working Properly

How can I learn more?

Each week on on the Intego Mac Podcast, Intego’s experts discuss security, privacy, and Apple-related topics. Be sure to subscribe to make sure you never miss the latest episode!

Also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.

And make sure you’re following Intego on your favorite social and media channels: Facebook, Instagram, Twitter, and YouTube (click the 🔔 to get notified about new videos).

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. He conducts independent malware protection tests, and also writes about privacy and security related matters on his blog Security Spread. Follow him on Twitter at @SecuritySpread. View all posts by Jay Vrijenhoek →