iOS 13.5 introduces health and safety features
Apple has just released iOS 13.5, and the update brings several significant changes. In what follows, we’ll touch on the highlights — and tell you what they mean in terms of safety, security, and privacy.
Updated: Apple has now released full security notes for the iOS 13.5 update.
There were eight separate fixes to kernel vulnerabilities, which is significant: the kernel is the core of the operating system, and bugs there can lead to serious problems. Apple says that the kernel issues patched in this release could have led to arbitrary code execution and an attacker accessing restricted memory areas.
In addition, there were a number of fixes that dealt with handling and parsing different file types and web content. Two bugs in Mail could have allowed a maliciously crafted message to create system memory issues. Bugs in Audio could have fallen victim to malicious audio files, allowing code execution by an attacker. FontParser and ImageIO had similar problems handling malicious PDFs and malicious images, respectively. And WebKit, which powers iOS web browsers, had a number of flaws that could have resulted in code execution and cross-site scripting attacks.
Face ID gets faster
For the past several months, Face ID users have had to deal with the frustration of trying to unlock their phones while wearing masks. If Face ID is unable to scan your face, it does offer a passcode prompt — but this happens after a slight delay. Given the current circumstances, this has resulted in a minor but recurring inconvenience for millions of mask-wearing iPhone users.
iOS 13.5 introduces a shortcut to the passcode option. If you’re wearing a mask, simply swipe up from the bottom of your iPhone and you’ll be presented with the passcode prompt immediately — no more delays.
This might seem like nothing more than a small UX improvement, but when you consider that impatient users might have been lifting their masks in order to unlock their phones more quickly, the new feature may deliver real health and safety benefits as well.
Exposure Notification API arrives
iOS 13.5 also introduces the much-anticipated Covid-19 contact tracing API, which is now called “Exposure Notification”. The API doesn’t do anything on its own: It just provides the basic functionality that public health authorities can use to build their own cross-platform contact tracing apps. Because of this, it will remain inactive on your device unless you opt to download a contact tracing app from your local public health authority.
In good news for user privacy, Exposure Notification comes disabled by default. In fact, you won’t even be able to turn it on unless your local public health authority releases an app that uses the API. But if you want to check out where the opt-in controls are, go to Settings > Privacy > Health > Covid-19 Exposure Logging. That’s where you can find the option to turn Exposure Logging on or off.
Last year’s big jailbreak news was checkm8, which exploited an issue with the hardware that loads iOS each time you boot up your phone. It was considered unpatchable, but because it relied on a vulnerability in Apple’s A5 to A11 chips, it didn’t affect newer iOS devices.
This week, the development group behind the “unc0ver” jailbreak tool announced that they will soon release a jailbreak for all iOS versions on all devices — meaning that iPhone 11 and iPhone SE will also be affected (even if they’re running iOS 13.5).
The folks at unc0ver say that the new jailbreak relies on a kernel vulnerability. This is, at least in principle, patchable — so stay tuned, another iOS update may be coming soon!
How to update your iOS device
If you’ve enabled automatic updates, you shouldn’t have to do anything in order for your device to be upgraded to iOS 13.5. But if you need to update manually, go to Settings > General > Software Update. You’ll see the option to download and install the update — just tap to proceed.