Apple’s July Security Updates Correct a Host of Problems

It’s that time again: Apple has pushed out a variety of updates for practically all its products, from iTunes for Windows to multiple flavors of macOS, plus the latest version of iOS 11.4. New security updates are also available for iCloud for Windows, Safari, watchOS, and tvOS. What should you know about these updates?

First, iOS 11.4.1 finally includes the much-discussed USB Restricted Mode, a new security feature that aims at making it more difficult for law enforcement agencies and others from using phone-cracking devices to break past a user’s passcode. While perhaps the biggest part of this update, 11.4.1 also corrects some smaller issues, such as another emoji-linked crashing bug.

This time, Apple’s efforts to play nice with Chinese censorship efforts led Western iOS users to experience crashes if they received text messages containing the Taiwanese flag. The bug is now fixed for users outside China. As is typical, Apple does not release in-depth details on many of the vulnerabilities they correct. However, the new iOS version does close some doors that attackers could use to gain control over device permissions or to access data which should remain restricted.

The same sparse details carry over to the updates for macOS High Sierra, Sierra, and El Capitan.  Some speculate that this patch includes a new round of fixes aimed at mitigating the “Meltdown” processor vulnerability. Local permission problems that could have created loopholes for those with physical access to a machine received patches, as well as fixes for issues relating to macOS’s sandboxing safety precautions.

macOS, iOS, and Safari received a host of updates for the WebKit rendering engine to make your online browsing experience less dangerous. A bug that would allow a malicious website to spoof the address in your address bar, making it appear that you were visiting a legitimate site, has been fixed. This is a valuable protection against increasingly sophisticated phishing efforts. A variety of other bugs fixed could have given malicious sites the ability to execute their arbitrary code on your Mac after visiting their page. Updates for watchOS and tvOS include device-specific versions of many of the above updates.

These updates became available on July 9, and are now ready for download by all. Take advantage of the peace of mind afforded by gaining access to these new patches. Be sure to update your devices as soon as possible.