Apple updates iOS, macOS, and more
Apple has issued its initial round of updates to iOS 14, just a little over a week after the new mobile OS was first released to the public. In addition, there were updates to macOS, iPadOS, tvOS, and watchOS as well.
iOS 14.0.1 and iPadOS 14.0.1
These updates were clearly more about performance than security, seeing as the release notes contained no published CVE entries.
The most high-profile issue with iOS 14 and iPadOS 14 had to do with the behavior of user-selected default email and web browser apps. Both iOS 14 and iPadOS 14 allow users to choose their own default mail and browser apps, but last week it appeared that this feature wasn’t working properly for some people: their devices kept reverting to Mail and Safari every time they were rebooted. iOS 14.0.1 and iPadOS 14.0.1 fix this bug.
In addition, the updates address two UX problems that some people were having with their devices. Some users couldn’t see camera previews on older model iPhones (iPhone 7 and iPhone 7 Plus), and other people noticed that images weren’t appearing in the News widget (on both iPhones as well as on iPads). These issues have now been corrected.
Finally, the update fixed two bugs that were preventing some users from sending emails and connecting to Wi-Fi networks.
If you don’t have automatic updates enabled, go to Settings > General > Software Update to find the updates.
macOS 10.15.7 (and related High Sierra and Mojave updates)
Apple also issued some macOS updates as macOS 10.15.7 (Catalina) and the related Security Update 2020-005 High Sierra and Security Update 2020-005 Mojave.
First up: There was a fix to the Model I/O framework, which is how macOS provides essential functionality to 3D modeling software. Apple’s notes say that a maliciously crafted Universal Scene Description (USD) file—a file format created by Pixar Animation Studios—could have resulted in a crash or even code execution on a Mac. This vulnerability affected Catalina, Mojave, and High Sierra, and has now been patched.
In addition, Apple addressed a sandboxing issue (one that also affected all three OSes). Sandboxing refers to a macOS security feature that limits the access and resources available to individual macOS apps. The idea is that if an app were to become compromised, at least the damage would be somewhat contained, because the app still wouldn’t have unfettered access to the system as a whole. When there is a problem with app sandboxing, however, a malicious app might still be able to access restricted files: definitely not a good thing! These updates eliminate this sandboxing vulnerability.
There was also a patch for an issue with ImageIO, the macOS framework that allows apps to read and write image files in various formats. Apple says that it addressed a vulnerability that could have allowed an attacker to use a maliciously crafted image to execute code on a target system. This fix only pertains to macOS Mojave and macOS High Sierra.
Finally, Apple patched an issue in Mail that could have allowed a remote attacker to interfere with the application; High Sierra was the only affected macOS version.
In addition to the security updates, macOS 10.15.7 Catalina received some general bug fixes as well, addressing issues that some users were having when attempting to automatically connect to Wi-Fi networks, problems syncing files through iCloud Drive, and a graphics issue on some recent iMacs.
If you haven’t enabled automatic updates for your Mac, you can find updates in macOS Catalina or macOS Mojave by going to Apple menu > System Preferences > Software Update. If you see an update waiting to be installed, just click Update Now.
On macOS High Sierra, you can update by launching the App Store app and clicking on Updates in the toolbar. If there are any updates available, you’ll see them here; just click the Update button to install.
watchOS 7.0.1 and tvOS 14.0.1
There were no major updates to these two operating systems, and the updates did not contain any security content. watchOS 7.0.1 fixed an issue that users were having with the Wallet app (some cards were disabled for some users). Apple didn’t release any specific update notes for tvOS 14.0.1, saying only that the update included “general performance and stability improvements”, which indicates that any changes here were likely very minor indeed.