SecureMac, Inc.


Apple Updates macOS, iOS, and more

Posted on January 30, 2020

Apple has released updated versions of its major operating systems, with some important bug fixes and security patches. In this brief article, we’ll take you through the highlights of the release notes and let you know what they mean.

macOS 10.15.3

The third major version of the new Mac operating system, Catalina, has just been released as macOS 10.15.3. Security updates for the older Mojave and High Sierra operating systems (Security Update 2020-001 Mojave and Security Update 2020-001 High Sierra), which addressed some of the same issues, were released alongside the newest version of Catalina. 

macOS 10.15.3 fixes several issues with the OS kernel, the core of the macOS operating system. Among these were two bugs that could allow malicious actors to access restricted memory; both were handled by improving memory management.

There was also a type confusion bug in the kernel that could have permitted a bad actor to execute code on the system. Type confusion errors occur when the system is expecting one type of data and instead receives another, which can cause crashes or even allow hackers to write executable code to places in memory that they shouldn’t be able to access. It’s a potentially serious error: This is the same kind of bug behind the Mozilla Firefox issue that prompted the U.S. Department of Homeland Security to release a cybersecurity warning earlier this month.
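To make the idea of type confusion concrete, here is an added illustration (not Apple's code and not taken from the release notes). The `value` structure and every function name are hypothetical; the example shows an accessor that trusts the wrong type next to one that checks the type tag first.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical tagged value, of the kind a parser or kernel object might carry. */
enum val_type { VAL_INT = 1, VAL_STR = 2 };

struct value {
    enum val_type type;      /* tag: which union member is actually in use */
    union {
        uintptr_t   num;     /* VAL_INT: a number supplied by the input */
        const char *str;     /* VAL_STR: a pointer the code will follow */
    } u;
};

/* Constructed inputs for the example. */
struct value make_int(uintptr_t n)   { struct value v; v.type = VAL_INT; v.u.num = n; return v; }
struct value make_str(const char *s) { struct value v; v.type = VAL_STR; v.u.str = s; return v; }

/* Confused form: assumes every value is a string and never looks at the tag.
 * Handed a VAL_INT, it returns the number's bits as though they were a pointer. */
const char *get_str_unchecked(const struct value *v) {
    return v->u.str;
}

/* Hardened form: check the tag before touching the member, and fail closed. */
int get_str_checked(const struct value *v, const char **out) {
    if (v == NULL || out == NULL || v->type != VAL_STR)
        return -1;
    *out = v->u.str;
    return 0;
}

/* Reports the address the unchecked path would have gone on to read from.
 * Nothing is dereferenced here; the point is that the input chose the address. */
uintptr_t confused_address(const struct value *v) {
    return (uintptr_t)get_str_unchecked(v);
}
```

The checked accessor is the general shape of a type confusion fix: the code confirms what kind of data it has before using it.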

Among the remaining fixes, two stood out as particularly interesting because of what they can tell us about the range of threats facing Mac users today. The macOS 10.15.3 update addresses vulnerabilities in Image Processing and ImageIO, which help Macs read and write image files. The issues again had to do with memory, and were handled by improving the way macOS validates input data. 

But what is especially noteworthy here is Apple’s description of how these vulnerabilities could have been exploited — namely, by getting the system to process a maliciously crafted image file. While many of us are aware that executable files like app installers are potential security risks, the idea of a JPEG containing malicious code just isn’t on many people’s radar. This release note serves as a good reminder that computer files — even image files — are really just big collections of data, and this data can contain dangerous code. That’s why it’s so important to always be careful when downloading any type of file onto your computer, and to make yourself aware of the less well-known types of attacks out there.
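As an added sketch of what "validating input data" means for an image parser (this is not Apple's ImageIO code), the example below checks a file header against the bytes actually present before anything sizes a buffer from it. The `IMG0` container, its layout, the size cap and all names are assumptions made up for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical container, constructed for this example (not a real format):
 *   bytes 0-3   magic "IMG0"
 *   bytes 4-7   width,  little-endian u32
 *   bytes 8-11  height, little-endian u32
 *   bytes 12..  pixel data, one byte per pixel */
#define HDR_LEN 12u
#define MAX_DIM 16384u   /* assumed sanity cap on each dimension */

enum img_err { IMG_OK = 0, IMG_SHORT = -1, IMG_MAGIC = -2, IMG_DIM = -3, IMG_TRUNC = -4 };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate every header field before a caller allocates or indexes pixels. */
int img_validate(const uint8_t *buf, size_t len, uint32_t *w, uint32_t *h) {
    if (buf == NULL || w == NULL || h == NULL || len < HDR_LEN)
        return IMG_SHORT;
    if (memcmp(buf, "IMG0", 4) != 0)
        return IMG_MAGIC;

    uint32_t width = rd_le32(buf + 4), height = rd_le32(buf + 8);
    if (width == 0 || height == 0 || width > MAX_DIM || height > MAX_DIM)
        return IMG_DIM;

    /* 64-bit product cannot wrap: both factors are at most MAX_DIM. */
    uint64_t need = (uint64_t)width * height;
    if (need > (uint64_t)(len - HDR_LEN))
        return IMG_TRUNC;   /* header claims more pixels than the file holds */

    *w = width;
    *h = height;
    return IMG_OK;
}

/* Constructed samples: a well-formed 2x2 image, a header with absurd
 * dimensions, and a 256x256 header followed by only four pixel bytes. */
static const uint8_t SAMPLE_OK[]  = { 'I','M','G','0', 2,0,0,0, 2,0,0,0, 9,9,9,9 };
static const uint8_t SAMPLE_BIG[] = { 'I','M','G','0', 0xFF,0xFF,0xFF,0xFF,
                                      0xFF,0xFF,0xFF,0xFF, 9,9,9,9 };
static const uint8_t SAMPLE_LIE[] = { 'I','M','G','0', 0,1,0,0, 0,1,0,0, 9,9,9,9 };
```

A parser that skipped these checks would trust the sizes written in the file, which is how a crafted image turns into a memory problem.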

If you don’t have automatic updates enabled, you can update to macOS 10.15.3 by going to System Preferences > Software Update > Update Now.

iOS 13.1.1 and iPadOS 13.1.1

Apple also released updates to iOS and the very closely related iPadOS: iOS 13.1.1 and iPadOS 13.1.1.

Parents will be relieved to learn that Apple has fixed a flaw in its Communication Limits parental control tool which had allowed new contacts to be added to a child’s device without a Screen Time password first being entered (i.e. without Mom or Dad’s permission).

iPhone 11 and iPhone 11 Pro users will see improved location privacy protection as well: the ability to disable the U1 Ultra Wideband chip built into these devices. The chip is meant to improve the performance of services like AirDrop, which ordinarily rely on less-accurate Bluetooth radio signals in order to function, by allowing them to make use of the ultra-wideband radio capabilities of the new chip. However, the radio frequencies used by the U1 chip are strictly regulated in some parts of the world, and so the newer iPhones needed to do periodic location checks to ensure that they weren’t someplace where the chip’s operation might run afoul of local laws. Unfortunately, this location monitoring persisted even when users disabled Location Services on their devices, raising obvious privacy concerns. 

iOS 13.1.1 now provides users the ability to disable the chip — and thus the associated location tracking — altogether. To do this, go to Settings > Privacy > Location Services > System Services > Networking & Wireless. Toggle the switch to off in order to disable location tracking for the U1 chip.

iOS 13.1.1 contains other important security patches as well, so all users should update immediately if they haven’t already. To do this, go to Settings > General > Software Update > Download and Install > Install.

Other OS updates

Apple has also updated watchOS to version 6.1.2 and tvOS to 13.3.1, as well as releasing software updates for HomePod. Users of devices running on these operating systems are encouraged to update now if they don’t have automatic updates configured.
