SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Apple releases major updates for macOS, iOS, and more

Posted on April 27, 2021

Apple has just issued updates for all of its OSes. The macOS update contains a critical security patch, and the iOS update includes an eagerly-awaited privacy feature. In this article, we’ll take you through the most important security and privacy changes to each OS.

NOTE: Big Sur users are encouraged to update macOS immediately due to the security issue discussed below.

macOS 11.3

macOS 11.3 patches what one prominent researcher is calling “the worst flaw in recent macOS history”. The bug allows attackers to craft malware that will run if double-clicked by a user — but without triggering any of the usual system warnings!

To reiterate: It is possible for bad actors to create Mac malware that a.) does not trigger the standard File Quarantine, Gatekeeper, or App Notarization alerts and b.) runs on a Mac with minimal user interaction.

According to security researchers, malicious actors are already exploiting this flaw “in the wild”. This makes macOS 11.3 an extremely high-priority update. This update also patches for several other serious vulnerabilities, including:

  • Kernel bugs that could have led to code execution, privilege escalation, and memory leaks
  • A Neural Engine flaw that could have let an app execute code with kernel privileges
  • Audio processing issues that could have exposed restricted memory
  • Image processing issues that could have led to code execution
  • Bugs in the Foundation app framework that could have allowed a malicious app to gain elevated system privileges
  • WebKit vulnerabilities that could have resulted in XSS attacks and code execution

Needless to say, this is not an update that you want to postpone! To update a Mac manually, go to System Preferences > Software Update and click on Update Now. You may also want to check your system for malware that slipped through the cracks before the update. To do this, download and run a good malware detection tool.

There are also related supplemental security updates for macOS Catalina and Mojave. They’re available as Security Update 2021-002 Catalina and Security Update 2021-003 Mojave, respectively. These updates address many of the same issues as the main macOS 11.3 update, and Catalina update 2021–002 also patches the Gatekeeper/File Quarantine/App Notarization bypass discussed above.

iOS 14.5 and iPadOS 14.5

This is the one everybody’s been waiting for: iOS 14.5, which at long last introduces App Tracking Transparency (ATT). The feature is also available in iPadOS 14.5.

ATT requires app developers to get a user’s consent before tracking them. If you update to iOS 14.5, you may start seeing ATT prompts when you launch apps. The prompts let you choose whether or not to allow the app to track you. 

If you like, you can stop all apps on your device from asking to track you. To do this, go to Settings > Privacy > Tracking and toggling off Allow Apps to Request to Track.

In addition to the big privacy update, iOS 14.5 and iPadOS 14.5 also contain some significant security fixes, including patches that address:

  • A number of kernel vulnerabilities that could have led to code execution and memory leaks
  • An Accessibility bug that could have let someone with physical access to a device view notes from the lock screen
  • GPU driver issues that could have let malicious apps view kernel memory layout
  • An iTunes Store vulnerability that could have let an attacker execute arbitrary code
  • A Shortcuts bug that could have let shortcuts access sensitive files

To update iOS or iPadOS manually, go to Settings > General > Software Update > Download and Install.

watchOS 7.4 and tvOS 14.5

The watchOS and tvOS updates also contain numerous security updates, but these overlap with the ones already discussed above, so we won’t rehash them here.

For Apple Watch users, the biggest safety news about watchOS 7.4 has nothing to do with digital security, but with physical health! Starting in watchOS 7.4 (and iOS 14.5), users who are wearing masks will now be able to unlock their iPhone with their Apple Watch. You can enable the new feature from your iPhone by going to Settings > Face ID & Passcode > Unlock With Apple Watch.

This allows your iPhone to be unlocked by a masked face, just so long as the paired Apple Watch is unlocked and nearby. Unfortunately, the iPhone won’t be able to distinguish between your masked face and another person’s, so there is the possibility that someone sitting next to you could unlock your iPhone. However, Apple Watch lets you know when the Unlock with Apple Watch feature has been used (you’ll feel a little buzz), and will show you a prompt that allows you to lock and passcode-protect your iPhone with a tap.

To update watchOS, connect your device to Wi-Fi and go to Settings > General > Software Update. (Versions of watchOS earlier than watchOS 6 require you to update from your iPhone; see Apple’s site for the procedure.) Tap Install to begin the installation process, and follow the instructions you’re given. Note that you should leave your Apple Watch on its charger during the update, and that you shouldn’t restart it or quit the Watch app. Leave your Apple Watch on its charger during the update, and don’t restart it (this will happen automatically when the update is finished).

To update tvOS, go to Settings > System > Software Updates > Update Software > Download and Install. Make sure that you don’t disconnect your Apple TV while it’s updating.

Join our mailing list for the latest security news and deals