This week Apple released updates to all of its operating systems and Safari browser. Here’s a brief rundown of new features and security-related fixes included with each update.
iOS 13.3 and iPadOS 13.3
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
Apple describes the update’s new features as follows:
iOS/iPadOS 13.3 includes improvements, bug fixes and additional parental controls for Screen Time.
One of the improvements listed is “Enables the creation of a new video clip when trimming a video in Photos,” which we were able to do before iOS 13, so I’m glad they brought this back.
Some security related issues were addressed as well: 14, to be exact. Here’s a sampling of some interesting ones:
Impact: Processing malicious video via FaceTime may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
Impact: Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel
Description: The issue was addressed with improved validation when an iCloud Link is created.
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans
Description: An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling.
Two of the fixes were for WebKit, Apple’s open-source page layout rendering engine, and three of the fixes were for bugs in the kernel, the core component of the operating system.
The full list of security issues addressed can be found here.
Listed simply as an update that provides important security updates and is recommended for all users, Apple addressed the above mentioned FaceTime issue and apparently nothing else.
Regardless of whether your device is compatible with iOS 13 or iPadOS, or if it is limited to iOS 12, you can obtain the updates over the air (without tethering to a computer) by going to Settings > General > Software Update. You can also connect your device to your Mac (or Windows PC with iTunes) to install the update.
Apple simply states that tvOS 13.3 includes general performance and stability improvements. Available for the Apple TV HD and Apple TV 4K’s, a total of 11 security issues were addressed. Most of them are the same as those addressed in iOS and iPadOS 13.3. The kernel, WebKit, and even FaceTime all had some work done to make them more secure. The FaceTime issue was addressed because tvOS largely uses the same code as iOS; no FaceTime app for Apple TV exists at this time.
The full list of security issues addressed can be found here. The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.
Listed as an update that:
“Provides important security updates and is recommended for all users.”
A total of 10 security related issues were fixed and as you’ve come to expect these are the same as the ones addressed in iOS, iPadOS and tvOS.
The full list of security issues addressed can be found here.
Listed simply as an update that provides important security updates and is recommended for all users, Apple addressed the above mentioned FaceTime issue and nothing else.
Apple evidently continues to support watchOS 5 to maintain compatibility with iPhones running iOS 12.
The watchOS updates can be installed by connecting the watch to its charger, then on the iPhone open the Apple Watch app > My Watch tab > General > Software Update.
The latest version of Safari, available for macOS High Sierra and Mojave users, brings a few bug fixes and enhancements that improve overall security. Only three security issues were addressed and were all for WebKit.
The full list of security issues addressed can be found here. The new Safari 13.0.4 can be downloaded through the Updates tab of the App Store for High Sierra and through System Preferences > Software Update for Mojave. For macOS Catalina, it is included in macOS 10.15.2.
macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
Last but not least, macOS received some updates: security-only updates for High Sierra and Mojave and a features-plus-security update for Catalina.
The macOS Catalina 10.15.2 update includes updates to Apple News, Stocks, Music, Photos, Mail and more, as well as bug fixes and improvements.
There are 52 security-related fixes for Catalina, only 5 of which are available for macOS High Sierra and Mojave. A few notable fixes include:
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
Impact: An attacker in a privileged position may be able to perform a denial of service attack
Description: A buffer overflow was addressed with improved bounds checking.
Impact: Multiple issues in OpenLDAP
Description: Multiple issues were addressed by updating to OpenLDAP version 2.4.28.
6 of the 52 fixes are for OpenLDAP
Impact: Multiple issues in tcpdump
Description: Multiple issues were addressed by updating to tcpdump version 4.9.3 and libpcap version 1.9.1
32 of the 52 fixes are for tcpdump
The full list of security issues addressed can be found here. macOS High Sierra users can find the security update in the App Store app under the Updates tab. Mojave and Catalina users should visit the Software Update pane in System Preferences (Apple menu > System Preferences… > Software Update) instead.
Whether you’re using iOS, iPadOS or macOS, always back up your data prior to installing any updates. This gives you a restore point in case something does not go as planned.
See also our related article on checking your macOS backups:
How can I learn more?
Each week on on the Intego Mac Podcast, Intego’s experts discuss security, privacy, and Apple-related topics. Be sure to subscribe to make sure you never miss the latest episode!
Also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.