Home / Mac / Apple launches iOS 14, watchOS 7 and more with security updates

Apple launches iOS 14, watchOS 7 and more with security updates



Security news

Apple launches iOS 14, watchOS 7 and more with security updates

Posted September 17, 2020 by Jay Vrijenhoek

This week, Apple released updates to most of the operating systems and the macOS version of the Safari browser. Here is a brief overview of the security updates that come with each update, as well as some of the non-security changes.

iOS 1
4.0 and iPadOS 14.0

Available for: iPhone 6s and later, 7th generation iPod touch, iPad Air 2 and later, and iPad mini 4 and later
Apple says about these updates:

iOS 14 updates the core experience on the iPhone, includes important app updates and other new features.

iPadOS 14 introduces redesigned apps, new Apple Pencil features and other enhancements.

Some non-security highlights:

  • (iOS) Redesigned widgets can be placed directly on the home screen
  • (iOS) The App Library automatically organizes all your apps into categories
  • (iOS and iPadOS) Incoming phone and FaceTime calls are displayed as a banner at the top of the screen
  • (iPadOS) The app sidebar has a new look that provides more of the app’s functionality in the main window
  • (iPadOS) Type in any text field with Apple Pencil, and the writing is automatically converted to typed text

At least 11 security issues were resolved in iOS and iPadOS. Here are some notables:

Icons
Impact: A malicious program may be able to identify which other applications a user has installed.
Description: The issue was resolved with improved icon buffer management.

Keyboard
Impact: A malicious program may be leaking sensitive user information.
Description: A logical problem was solved with improved state administration.

Telephone
Effect: The screen lock cannot be switched on after the specified time period.
Description: This issue was resolved with improved controls.

Siri
Impact: A person with physical access to an iOS device can view alert content from the lock screen.
Description: A lock screen problem allowed access to messages on a locked device. This problem was solved with improved public administration.

WebKit
Impact: Managing malicious Web content may lead to a cross-site scripting attack.
Description: An input validation issue was resolved with enhanced input validation.

The complete list of security issues addressed can be found here

tvOS 14.0

Available for: Apple TV HD and Apple TV 4K
New features include:

  • Fast game recording
  • Picture-in-picture
  • Selection of screen saver
  • 4K playback support from YouTube and AirPlay

At least four security issues were resolved. All the same as addressed in iOS and iPadOS 14.0, making this a small security update.

The complete list of addressed security issues can be found here. The TvOS update can be downloaded directly from Apple TV by going to Settings > System > Update software.

watchOS 7.0

Available for: Apple Watch Series 3 and later, this is the first watchOS to support Series 1 and 2.
New features include:

  • Family setup
  • More customizable dials
  • See face sharing
  • The sleep app
  • And more

At least four security issues were resolved, and they are the same as those addressed in tvOS 14.0 and also included iOS 14.0 and iPadOS 14.0.

The complete list of security issues addressed can be found here

Safari 14.0

The latest version of Safari is available for macOS Catalina (10.15) and macOS Mojave (10.14). Note that macOS High Sierra (10.13) is not supported, because macOS Big Sur (11) is coming this fall. Apple usually only releases new major Safari versions for the current and two previous releases of macOS, so High Sierra will no longer be supported soon.

Safari 14 introduces new features, even faster performance and improved security. At least four security issues related to the WebKit Page Thread Engine were resolved, and the details can be read here.
The new features and improvements include:

  • New tab design displays multiple tabs on the screen and displays favorite icons by default
  • Custom Home lets you set a wallpaper and add new sections
  • Privacy Report shows cross-site tracking sites that are blocked by Intelligent Tracking Prevention
  • Removes Adobe Flash support for enhanced security

As regular readers of this blog know, fake Flash Player updates and pop-ups are frequent malware vectors, and in the past Flash Player has been known to have a number of security issues itself. But the biggest reason for dropping Flash Player is that the developer, Adobe, will officially discontinue Flash in 2020. Hopefully, users will be aware of this and be less likely to fall for fake Flash Player updates.

Safari 14.0 can be downloaded System selection > Software update for users of Mojave and Catalina.

Whether you use iOS, iPadOS or macOS, always back up your data before installing updates. This gives you a restore point in case something does not go as planned.

See also our related article on checking macOS backups:
How to confirm that the backups are working properly

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. He conducts independent tests for malware protection, and also writes about privacy and security-related issues on his blog’s Security Spread. Follow him on Twitter at @SecuritySpread. View all posts by Jay Vrijenhoek β†’

This entry was posted in Security News and tagged security updates. Mark the permalink.




Source link