Apple releases high-priority security patches
Apple has just updated all of its OSes. These updates include critical security patches for vulnerabilities that have been exploited in the wild. Please update your systems immediately. The following article summarizes the most important details if you’d like to learn more.
iOS and iPadOS
Both iOS and iPadOS have been updated as iOS 14.2 and iPadOS 14.2, respectively.
The most significant updates here address vulnerabilities for which there are reported exploits in the wild; there were three such fixes mentioned in Apple’s security notes. The first was an update to FontParser, where there is a bug that can permit a maliciously crafted font to result in arbitrary code execution. There are also two kernel patches mentioned in the notes: one that can allow a malicious app to access kernel memory, and another that can let such an app execute code with kernel privileges.
In addition, there were several fixes to the way the OSes’ handle audio; these bugs could have resulted in code execution if a malicious audio file was processed. All in all, there were 24 different issues described in Apple’s security notes, making this a fairly serious round of updates.
Needless to say, if you don’t have automatic updates configured, and you haven’t already updated iOS or iPadOS, you should do so immediately. You can do this manually by going to Settings > General > Software Update; you should see an update there waiting for you if your system still needs updating — just click on Download and Install to get the patch.
The iOS 14.2 and iPadOS 14.2 updates are available for the following devices: iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later. If you’re using an older model device, you can update to iOS 12.4.9, which addresses many of the same serious vulnerabilities patched in iOS 14.2 and iPadOS 14.2. iOS 12.4.9 is available for iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation).
Although the release of macOS Big Sur is imminent, Apple has just released updates for macOS Catalina as well: these are listed as macOS Catalina 10.15.7 and macOS Catalina 10.15.7 Supplemental Update.
A quick look at the security notes explains why: these macOS updates address the same three issues that have resulted in reported exploits in the wild for iOS and iPadOS: therefore all macOS Catalina users should also update their OS immediately.
To update manually, go to the Apple menu, then go to System Preferences > Software Update to find available updates. Click on Update Now to install.
watchOS and tvOS
Apple has also released updates for tvOS and watchOS; these are listed as tvOS 14.2 and watchOS 7.1, watchOS 6.2.9, and watchOS 5.3.9.
The watchOS updates all address the same three issues that have been exploited in the wild and for which the related iOS, iPadOS, and macOS patches were just released. The watchOS 7.1 contains fixes for a number of other vulnerabilities as well, some of them serious. All Apple Watch users should update their version of watchOS without delay.
The tvOS update contains bug fixes for issues that could result in several different undesirable outcomes, including code execution, a local attacker gaining elevated permissions on a system, and users being able to read files to which they should not have access. However, in the tvOS 14.2 update notes, there is no mention of the issues that had resulted in reports of real-world exploits on the other OSes; as a precaution, tvOS users should nevertheless update their operating system as soon as possible.