SecureMac, Inc.


Apple releases security updates for all OSes

Posted on December 15, 2020

Apple has just released security updates for all of its operating systems. In this short article, we’ll tell you about the most essential patches and help parse some of the language used in Cupertino’s release notes.

iOS and iPadOS

Apple has updated iOS and iPadOS to iOS 14.3 and iPadOS 14.3. 

In terms of security content, these updates mostly address vulnerabilities caused by the way that iOS and iPadOS handle image files, audio files, and font files. The vulnerabilities could have allowed an attacker to use maliciously crafted versions of these different file types to execute code on a Mac. There was also a fix to a bug that could have impacted secure authentication under certain conditions.

Perhaps even bigger news for most iOS users: the eagerly anticipated App Store privacy information feature is now here! It’s among the most important of the new iOS 14 privacy features, requiring developers to provide self-reported summaries of their user data collection practices, as well as information on how and when they share or sell this data.

Apple has compared these app privacy summaries to the nutrition labels on the side of food packaging — an apt analogy in that they a.) help you to understand what you’re really getting and b.) allow you to make your own, informed decisions. You can view app privacy information by scrolling down to the new Privacy section found on each app’s page in the App Store. 

In addition, an update for an older OS, iOS 12.5 (available for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th gen.), has also been released. The patch fixes the aforementioned authentication policy violation issue addressed in the iOS 14.3 update.

To update iOS manually, go to Settings > General > Software Update > Download and Install. If you want to run the update right away, tap Install.  

macOS

macOS Big Sur has now been updated to macOS 11.1. Related updates for older macOS versions were also released as Security Update 2020-001 Catalina and Security Update 2020-007 Mojave.

The security release notes specify over 50 individual bug fixes, which vary in terms of impact and severity. Among the most important of these are:

  • Multiple patches that fix the way macOS handles audio files, addressing vulnerabilities that could have allowed an attacker to use a maliciously crafted audio file to read restricted memory or achieve code execution on an affected Mac.
  • Patches to vulnerabilities caused by the way macOS handles fonts, which could have resulted in code execution on an affected Mac.
  • Patches for flaws in the macOS image-handling framework, which could have led to code execution and issues with system memory on vulnerable Macs.
  • Patches to kernel vulnerabilities. The “kernel” is the heart of an operating system, with the power to control many core system processes, and thus anything that affects it is a potentially serious problem. The patches in this round of updates address issues that could have allowed a malicious app to execute code with kernel privileges — definitely not something that you want to happen!

In addition, the update also brings those App Store privacy reports, first announced at WWDC20, to the Mac App Store.

To update macOS manually, go to the Apple menu > System Preferences > Software Update to check for updates; if you have an update available, you will see it here. Click Update Now to update. 

Safari

Safari has been upgraded to version 14.0.2, and includes a single fix to a vulnerability in WebRTC (Web Real-Time Communication) that could have impacted macOS Catalina and macOS Mojave users.

WebRTC is an open-source project that provides web browsers with the functionality needed to deliver audio and video communication in-browser. The patched vulnerability could have allowed an attacker to achieve code execution on a Mac using maliciously crafted web content.

watchOS and tvOS

The OSes that power Apple Watch and Apple TV received updates as well: watchOS 7.2 (Series 3 and later) and watchOS 6.3 (Series 1 and 2) for Apple Watch, and tvOS 14.3 for Apple TV.

The updates to all of these OSes fixed many of the same vulnerabilities addressed in the macOS updates, including patches to vulnerable image, font, and audio processing frameworks. The watchOS updates also included a fix to the same authentication policy violation bug that was patched in the iOS updates.

Updating … and learning more

If you haven’t updated your OSes yet, you should do so as soon as possible. 
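
If you look after more than one device, the version numbers in this article can be turned into a quick inventory check. The Python sketch below is an added example, not code from Apple or SecureMac; the device names and inventory are constructed sample data, and the function names are illustrative.

```python
# Minimum patched releases named in the article, keyed by (platform, major branch).
PATCHED = {
    ("iOS", 14): (14, 3), ("iPadOS", 14): (14, 3), ("iOS", 12): (12, 5),
    ("macOS", 11): (11, 1), ("tvOS", 14): (14, 3),
    ("watchOS", 7): (7, 2), ("watchOS", 6): (6, 3), ("Safari", 14): (14, 0, 2),
}
# Catalina and Mojave were patched by Security Updates, which leave the macOS
# version number unchanged, so the version string alone cannot confirm the fix.
SECURITY_UPDATE = {(10, 15): "Security Update 2020-001 Catalina",
                   (10, 14): "Security Update 2020-007 Mojave"}

def parse_version(text):
    """'14.2.1' -> (14, 2, 1); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def check(platform, version):
    """Return (status, detail) for one device."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown", f"unparseable version {version!r}"
    if platform == "macOS" and v[:2] in SECURITY_UPDATE:
        return "verify", f"confirm {SECURITY_UPDATE[v[:2]]} is installed"
    minimum = PATCHED.get((platform, v[0]))
    if minimum is None:
        return "unknown", "no patched release for this branch is named in the article"
    floor = ".".join(map(str, minimum))
    if v >= minimum:  # numeric tuple compare, so 7.10 counts as newer than 7.2
        return "patched", f"at or above {floor}"
    return "outdated", f"update to {floor} or later"

INVENTORY = [  # constructed sample data, not real devices
    ("ceo-iphone", "iOS", "14.2.1"),
    ("lobby-ipad", "iPadOS", "14.3"),
    ("old-iphone6", "iOS", "12.4.9"),
    ("design-mbp", "macOS", "11.0.1"),
    ("build-mini", "macOS", "10.15.7"),
    ("watch-s5", "watchOS", "7.10"),  # made-up version to show numeric compare
]

def audit(inventory):
    """Map each device name to its (status, detail) result."""
    return {name: check(platform, ver) for name, platform, ver in inventory}

if __name__ == "__main__":
    for name, (status, detail) in audit(INVENTORY).items():
        print(f"{name:12} {status:9} {detail}")
```

Devices reported as "verify" need a second look in Software Update, because the Catalina and Mojave fixes arrive as Security Updates rather than as a new version number.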

If you’re new to iOS 14 and want to learn more about how it can help you protect your privacy, have a listen to The Checklist Episode 199, where we go through the most important iOS 14 privacy features.  

If you’re a Mac user who has been holding off on moving to Big Sur, you may want to check out our macOS Big Sur security and privacy guide to learn more about what the new OS for Mac has to offer!
