
Apple releases macOS Catalina 10.15.2, iOS 13.3, and more

Posted on December 11th, 2019 by Jay Vrijenhoek

This week Apple released updates to all of its operating systems and Safari browser. Here’s a brief rundown of new features and security-related fixes included with each update.

iOS 13.3 and iPadOS 13.3

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Apple describes the update’s new features as follows:

iOS/iPadOS 13.3 includes improvements, bug fixes and additional parental controls for Screen Time.

One of the improvements listed is “Enables the creation of a new video clip when trimming a video in Photos,” which we were able to do before iOS 13, so I’m glad they brought this back.

Some security-related issues were addressed as well: 14, to be exact. Here’s a sampling of some interesting ones:

FaceTime
Impact: Processing malicious video via FaceTime may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.

Photos
Impact: Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel
Description: The issue was addressed with improved validation when an iCloud Link is created.

Security
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.

CallKit
Impact: Calls made using Siri may be initiated using the wrong cellular plan on devices with two active plans
Description: An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was addressed with improved state handling.

Two of the fixes were for WebKit, Apple’s open-source page layout rendering engine, and three of the fixes were for bugs in the kernel, the core component of the operating system.

The full list of security issues addressed can be found here.

iOS 12.4.4

Listed simply as an update that provides important security updates and is recommended for all users, iOS 12.4.4 addresses the above-mentioned FaceTime issue and apparently nothing else.

Regardless of whether your device is compatible with iOS 13 or iPadOS, or if it is limited to iOS 12, you can obtain the updates over the air (without tethering to a computer) by going to Settings > General > Software Update. You can also connect your device to your Mac (or Windows PC with iTunes) to install the update.

tvOS 13.3

Apple simply states that tvOS 13.3 includes general performance and stability improvements. The update is available for the Apple TV HD and Apple TV 4K, and a total of 11 security issues were addressed. Most of them are the same as those addressed in iOS and iPadOS 13.3. The kernel, WebKit, and even FaceTime all had some work done to make them more secure. The FaceTime issue was addressed because tvOS largely uses the same code as iOS; no FaceTime app for Apple TV exists at this time.

The full list of security issues addressed can be found here. The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.

watchOS 6.1.1

Listed as an update that:

“Provides important security updates and is recommended for all users.”

A total of 10 security-related issues were fixed and, as you’ve come to expect, these are the same as the ones addressed in iOS, iPadOS and tvOS.

The full list of security issues addressed can be found here.

watchOS 5.3.4

Listed simply as an update that provides important security updates and is recommended for all users, watchOS 5.3.4 addresses the above-mentioned FaceTime issue and nothing else.

Apple evidently continues to support watchOS 5 to maintain compatibility with iPhones running iOS 12.

To install the watchOS updates, connect the watch to its charger, then on the iPhone open the Apple Watch app and go to My Watch tab > General > Software Update.

Safari 13.0.4

The latest version of Safari, available for macOS High Sierra and Mojave users, brings a few bug fixes and enhancements that improve overall security. Only three security issues were addressed, all of them in WebKit.

The full list of security issues addressed can be found here. The new Safari 13.0.4 can be downloaded through the Updates tab of the App Store for High Sierra and through System Preferences > Software Update for Mojave. For macOS Catalina, it is included in macOS 10.15.2.

macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra

Last but not least, macOS received some updates: security-only updates for High Sierra and Mojave and a features-plus-security update for Catalina.

The macOS Catalina 10.15.2 update includes updates to Apple News, Stocks, Music, Photos, Mail and more, as well as bug fixes and improvements.

There are 52 security-related fixes for Catalina, only 5 of which are available for macOS High Sierra and Mojave. A few notable fixes include:

Bluetooth
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.

CUPS
Impact: An attacker in a privileged position may be able to perform a denial of service attack
Description: A buffer overflow was addressed with improved bounds checking.

OpenLDAP
Impact: Multiple issues in OpenLDAP
Description: Multiple issues were addressed by updating to OpenLDAP version 2.4.28.
6 of the 52 fixes are for OpenLDAP

tcpdump
Impact: Multiple issues in tcpdump
Description: Multiple issues were addressed by updating to tcpdump version 4.9.3 and libpcap version 1.9.1.
32 of the 52 fixes are for tcpdump

The full list of security issues addressed can be found here. macOS High Sierra users can find the security update in the App Store app under the Updates tab. Mojave and Catalina users should visit the Software Update pane in System Preferences (Apple menu > System Preferences… > Software Update) instead.

Whether you’re using iOS, iPadOS or macOS, always back up your data prior to installing any updates. This gives you a restore point in case something does not go as planned.

See also our related article on checking your macOS backups:

How to Verify Your Backups are Working Properly


About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. He conducts independent malware protection tests, and also writes about privacy and security-related matters on his blog Security Spread. Follow him on Twitter at @SecuritySpread.