Checklist 356: Security Updates in Apple’s Latest OS Updates

Apple Unveils Anticipated OS Updates with New Features and Security Fixes

As the year draws to a close, Apple launches a series of highly-anticipated software updates across its ecosystem, bringing enhancements to iOS, iPadOS, macOS, watchOS, tvOS, and even the HomePod. Notably, the HomePod receives an update devoid of security fixes, marking the concluding mention of this device in the day’s announcements.

While some eagerly awaited features failed to meet the 2023 deadlines, such as Collaborative Playlists for Apple Music and AirPlay in Hotels, numerous new functionalities and extensive security patches were introduced. The iOS and iPadOS 17.2 update unveiled a range of enhancements.

For iPhone 15 and iPhone 15 Pro Max users, the update includes the addition of Translate to the pro phones’ Action Button and the capability to capture Spatial Video, a 3D format compatible with the forthcoming mixed reality headset Apple Vision Pro.

Other improvements across various devices encompass a “catch-up arrow” in Messages, enabling users to swiftly navigate to the initial unread message in a conversation. The update also introduces the option to add stickers to chat bubbles via the tapback menu, new Weather and Clock widgets, Siri-enabled access to Health data, and more.

A noteworthy addition is the iPhone-exclusive Journal app, facilitating reflection and gratitude through journaling while ensuring secure encryption of entries. Apple emphasizes the app’s security measures, encrypting entries when the iPhone is locked and offering secondary authentication options like Face ID or Touch ID.

Security remains a key focus, with the iOS and iPadOS updates addressing 11 security vulnerabilities, including issues related to Find My, the Kernel, Safari, and Siri. Although none of the flaws were actively exploited, the urgency of prompt updates is underscored.

Additionally, iOS and iPadOS 16.7.3 were released for devices unable to upgrade to the 17-series, focusing on security fixes for eight identified issues.

The implementation of Contact Key Verification, a security feature discussed in a previous podcast, is now live with iOS 17.2. This feature provides alerts if unrecognized device keys are added to an iMessage account, offering protection against potential unauthorized access to conversations.

However, Contact Key Verification is intended for individuals facing heightened digital threats, such as journalists, activists, and officials. Despite being a theoretical security measure, its introduction showcases Apple’s proactive stance against potential advanced hacking attempts, providing users with added peace of mind.

The guide to activate Contact Key Verification emphasizes the necessity for all devices under an iCloud account to be updated to the latest software for seamless activation.

While these updates bring new features and security enhancements to Apple’s ecosystem, the company continues to prioritize user safety and data protection in an ever-evolving digital landscape.

macOS Sonoma 14.2, watchOS 10.2, and tvOS Updates Introduce Features and Security Enhancements

Apple recently unveiled several updates, including macOS Sonoma 14.2, watchOS 10.2, and tvOS updates, packed with new features and critical security fixes.

The macOS Sonoma 14.2 release brings a host of improvements, notably an Enhanced AutoFill feature for PDFs and various enhancements previously seen in iOS/iPadOS updates, such as Stickers as TapBacks in Messages and new widgets in Weather and Clock apps. However, the focus remains on security, addressing 21 vulnerabilities, including Bluetooth, Find My, Kernel, CoreMedia Playback, and WebKit flaws. Notably, these vulnerabilities were not exploited in the wild, but Apple prioritizes preemptive fixes.

In a concerted effort towards security, Apple also extended security-focused updates to older macOS versions, delivering 12 fixes for macOS Ventura 13.6.3 and ten fixes for macOS Monterey 12.7.2. Additionally, Safari 17.2 was released to address two WebKit vulnerabilities on Monterey and Ventura systems.

Meanwhile, watchOS 10.2 brings health-related interactions with Apple’s virtual assistant, Siri, allowing users to query health data or input information directly into the Health app. However, these features are exclusive to the latest models, Apple Watch Series 9 and Apple Watch Ultra 2, aligning with Apple’s stringent privacy principles, focusing on data minimization, on-device processing, transparency, and control and security.

For watchOS 10.2, eight security issues were resolved, emphasizing Apple’s commitment to user security. In the realm of tvOS, the update introduces a new navigation system called Sidebar within the Apple TV app, allowing easy access to various video sources. Despite this being available on multiple devices, the tvOS update specifically targets Apple TV hardware, providing seven essential security fixes.

These updates showcase Apple’s continuous efforts to introduce new functionalities while remaining vigilant about security across its range of devices and services.

Apple’s Upcoming iOS 17.3 Update Introduces Enhanced Security Features to Thwart Phone Theft

Apple’s relentless pursuit of safeguarding user data continues as the tech giant introduces significant security enhancements in the upcoming iOS 17.3 update, addressing concerns raised regarding iPhone theft and potential data breaches.

Just a day after the latest round of updates on Monday, Apple rolled out the first beta versions of iOS and iPadOS 17.3, alongside macOS 14.3, watchOS 10.3, and tvOS 17.3 on Tuesday. However, the spotlight shines on iOS 17.3, expected to debut in the early months of 2024, boasting a new Stolen Device Protection Feature that aims to make life significantly harder for criminals targeting iPhone users.

The impetus for these security measures stems from an issue highlighted earlier in Checklist 318: Let’s Not Be Victims, where criminals were reported to be spying on individuals in public to steal iPhone passcodes, subsequently gaining access to sensitive information, draining accounts, and potentially scamming contacts for money.

To counter such threats, Apple is introducing a security lock that, when enabled by the user, mandates Face ID or Touch ID authentication for several crucial actions, including accessing passwords or passkeys stored in iCloud Keychain, applying for an Apple Card, turning off Lost Mode, erasing device content, utilizing payment methods in Safari, and more.

However, the most sensitive actions, such as changing the Apple ID password, come with an added layer of security delay. Users will need to authenticate via Face ID or Touch ID, wait for an hour, and authenticate again for crucial changes, including updating select Apple ID account security settings, changing the iPhone passcode, managing biometric authentication methods, and disabling critical security features like Find My and Stolen Device Protection.

While these security measures indeed fortify device safety, they may pose an inconvenience due to the time delay required for critical actions. Apple assures users that there will be no delay when the iPhone is in familiar locations, like home or work, mitigating the inconvenience factor in these trusted environments.

The update, expected in the coming months, aims to significantly bolster user privacy and security, reflecting Apple’s commitment to fortifying its ecosystem against emerging threats. The comprehensive protection mechanisms come as a proactive step toward safeguarding user data and thwarting potential theft-related breaches.