Software & Apps

Apple releases macOS Catalina 10.15.1, iOS 13.2, and more

Posted on October 31st, 2019 by

This week Apple released updates to all of its operating systems and Safari browser. Here’s a brief rundown of new features and security-related fixes included with each update.

iOS 13.2 and iPadOS 13.2

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Apple describes the update’s new features as follows:

Introduces Deep Fusion, an advanced image processing system that uses the A13 Bionic Neural Engine to capture images with dramatically better texture, detail, and reduced noise in lower light, on iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max. Additional features include updated and additional emoji, Announce Messages for AirPods, support for AirPods Pro, HomeKit Secure Video, HomeKit enabled routers, and new Siri privacy settings. This update also contains bug fixes and improvements.

Some security related issues were addressed as well: 28, to be exact. Here’s a sampling of some interesting ones:

App Store
Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials.
Description: An authentication issue was addressed with improved state management.

Associated Domains
Impact: Improper URL processing may lead to data exfiltration
Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.

Books
Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

Setup Assistant
Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup
Description: An inconsistency in Wi-Fi network configuration settings was addressed.

Screen Recording
Impact: A local user may be able to record the screen without a visible screen recording indicator
Description: A consistency issue existed in deciding when to show the screen recording indicator. The issue was resolved with improved state management.

Fourteen of the fixes were for WebKit, Apple’s open-source page layout rendering engine. A relatively large number of vulnerabilities were addressed in this update, so it is recommended to install it sooner rather than later.

The full list of security issues addressed can be found here.

iOS 12.4.3

Listed simply as an update that provides important security updates and is recommended for all users, Apple has yet to release details on the included security fixes.

Regardless of whether your device is compatible with iOS 13 or iPadOS, or if it is limited to iOS 12, you can obtain the updates over the air (without tethering to a computer) by going to Settings > General > Software Update. You can also connect your device to your Mac (or Windows PC with iTunes) to install the update.

tvOS 13.2

Apple simply states that tvOS 13.2 is an update that includes general performance and stability improvements. Available for the Apple TV HD and Apple TV 4K’s, a total of 22 security issues were addressed. Most of them the same as those addressed in iOS and iPadOS 13.2. The kernel, WebKit, and App Store all had some work done to make them more secure.

The full list of security issues addressed can be found here. The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.

watchOS 6.1

Apple says that watchOS 6.1 “Introduces support for AirPods Pro and includes improvements and bug fixes. This update also brings watchOS 6 to Apple Watch Series 1 and Series 2.”

A total of 20 security related issues were fixed, and as you’ve come to expect, these are mostly the same as the ones addressed in iOS, iPadOS, and tvOS.

The full list of security issues addressed can be found here.

watchOS 5.3.3

Listed simply as an update that provides important security updates and is recommended for all users, Apple has yet to release details on the included security fixes.

Apple evidently continues to support watchOS 5 to maintain compatibility with iPhones running iOS 12.

The watchOS updates can be installed by connecting the watch to its charger, then on the iPhone open the Apple Watch app > My Watch tab > General > Software Update.

Safari 13.0.3

The latest version of Safari, available for macOS High Sierra and Mojave users, brings a few bug fixes and enhancements that improve overall security. Fourteen security issues in WebKit were addressed.

The full list of security issues addressed can be found here. The new Safari 13.0.3 can be downloaded through the Updates tab of the App Store for High Sierra users and through System Preferences > Software Update for Mojave users. For macOS Catalina users, it is included in macOS 10.15.1.

macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006

Last but not least, macOS received some updates: security-only updates for High Sierra and Mojave, and a features-plus-security update for Catalina.

The macOS Catalina 10.15.1 update includes updated and additional emoji, support for AirPods Pro, HomeKit Secure Video, HomeKit-enabled routers, and new Siri privacy settings, as well as bug fixes and improvements.

There are 33 security-related fixes included for Catalina, but only 22 of these are available for macOS High Sierra and Mojave. A few of the notable fixes include:

File Quarantine
Impact: A malicious application may be able to elevate privileges
Description: This issue was addressed by removing the vulnerable code.

Intel Graphics Driver
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.

System Extensions
Impact: An application may be able to execute arbitrary code with system privileges
Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.

UIFoundation
Impact: Parsing a maliciously crafted text file may lead to disclosure of user information
Description: This issue was addressed with improved checks.

The full list of security issues addressed can be found here. macOS High Sierra users can find the security update in the App Store app under the Updates tab. Mojave and Catalina users should visit the Software Update pane in System Preferences (Apple menu > System Preferences… > Software Update) instead.

Whether you’re using iOS, iPadOS, or macOS, always back up your data prior to installing any updates. This gives you a restore point in case something does not go as planned.

See also our related article on checking your macOS backups:

How to Verify Your Backups are Working Properly

How can I learn more?

Each week on on the Intego Mac Podcast, Intego’s experts discuss security, privacy, and Apple-related topics. Be sure to subscribe to make sure you never miss the latest episode!

Also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.

And make sure you’re following Intego on your favorite social and media channels: Facebook, Instagram, Twitter, and YouTube (click the 🔔 to get notified about new videos).

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. He conducts independent malware protection tests, and also writes about privacy and security related matters on his blog Security Spread. Follow him on Twitter at @SecuritySpread. View all posts by Jay Vrijenhoek →