قالب وردپرس درنا توس
Home / Mac / Apple releases iOS 12.3, macOS Mojave 10.14.5 and more security updates

Apple releases iOS 12.3, macOS Mojave 10.14.5 and more security updates



Security & Privacy

Apple Releases iOS 12.3, macOS Mojave 10.14.5 and Multiple Security Updates

Posted on
May 13, 2019 by

Jay Vrijenhoek

This week, Apple released updates to all operating systems and Safari for Mac. Here is a brief overview of new features and security-related solutions included with each update.

iOS 12.3

This update includes support for AirPlay 2-enabled TVs, has a newly developed Apple TV app and includes bug fixes and enhancements. It also contains 42 security updates . Some of the highlights:

Lock Screen
Impact: A person with physical access to an iOS device may see the email address used for iTunes
Description: A logical problem was addressed with improved limitations.

Contacts
Influence: A malicious application may be able to read limited memory
Description: An input validation problem was addressed with improved input validation.

Mail
Impact: A maliciously crafted message may be processed to lead to denial of service
Description: A recording validation problem was addressed with improved input validation.

MobileLockdown
Impact: A malicious application may be able to achieve rotation rights
Description: An input validation problem was addressed with improved input validation.

Images Storage
Influence: A sandbox process may be able to bypass sandbox limitations
Description: An access problem was addressed with add-on

Wi-Fi
Impact: A device can be passively tracked by its WiFi MAC Address
Description: A problem with the user's privacy was addressed by removing the broadcast MAC address.

Included were also 3 core fixes and 21 WebKit repairs, among others. All in all, a large amount of CVEs were addressed in this update, so it is recommended to install it faster than later.

The complete list of security issues addressed can be found here. IOS 12.3 can be downloaded into the air by going to Settings > General > Software Update . You can also connect your iOS device to your Mac (or Windows PC) and install the update through the iTunes app.

iOS 12 (including 12.3) is compatible with iPhone 5s and above, iPad Air and later and iPod touch 6th generation. Older devices that cannot run iOS 12 will no longer receive critical security updates.

Specifically, Apple still has not addressed the iOS Safari issue that allows anyone to send fake news headlines to other iMessage users. [19659005] tvOS 12.3

This update for Apple TV 4K and Apple TV HD formerly known as Apple TV (4th generation) – includes general performance and stability improvements and a new Apple TV app. Overall, security issues were addressed, all addressed in iOS 12.3; The core, WebKit and Wi-Fi had all done some work to make them more secure.

The complete list of addressed security issues can be found here. The TVOS update can be downloaded directly from the Apple TV by going to Settings > System > Update software .

Apple TV Software 7.3

Unexpectedly, the old Apple TV (3rd generation), which Apple sold from 2012 to 2016, also received a software update. The update included only 3 security patches : one for Bluetooth and two for Wi-Fi.

The very short list of security issues addressed can be found here. You can download and install the update by going to Settings > System > Software Update > Update Software .

watchOS 5.2. 1

watchOS received some new clock faces and all other work was done in the form of security corrections. Overall, 21 security issues were resolved, and as one might expect, these are the same as those addressed in iOS and tvOS (as many as apply to the Apple Watch operating system).

The new watchOS can be installed by connecting the clock to the charger, then opening the iPhone Apple Watch app > My Watch tab > General > Software Update .

Note that the original line Apple Watch (Nickname Series 0) no longer receives security updates, and is stuck with watchOS 4.3.2, released in July 2018.

Safari 12.1. 1

The latest version of Safari for Mac available to MacOS High Sierra and Sierra users, and included with macOS Mojave 10.14.5 brings some bug fixes and enhancements that improve overall security. 21 security issues were addressed, all of which are for WebKit.

The complete list of security issues addressed can be found here. For MacOS High Sierra and Sierra users, the new Safari 12.1.1 can be downloaded through the Updates tab of the App Store . For MacOS Mojave users, it is included in MacOS 10.14.5.

macOS Mojave 10.14.5, Security update 2019-003 High Sierra, Security update 2019-003 Sierra

Last but not least, macOS received some updates: Safe updates for Sierra and High Sierra users, and one update for security add-ons for Mojave users. The Mojave update includes the following enhancements and repairs to the operating system:

  • Adds AirPlay 2 support to share videos, photos, music and more from your Mac directly to your AirPlay 2-enabled smart TV.
  • Adds the ability to follow a magazine from the Apple News + web browser directory (available in the US and Canada only).
  • Improves the audio latency of MacBook Pro models introduced in 2018.
  • Removes a problem that prevented certain very large OmniOutliner and OmniPlan documents from
  • Fixes an issue that prevented resetting the user account password from the login window after you has used a personalized recovery key (PRK) to unlock the FileVault volume.
  • Fixes an issue that prevented the InstalledApplicationList MDM command from acknowledging that updates are available for apps installed via VPP.

Of course, there are also security related solutions including: [1 9459015] 51 security updates to be exact. These include:

Application Firewall
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.4
Impact: An application may be able to execute arbitrary code with core terms
Available for: macOS Mojave 10.14.4
Impact: A malicious application can reverse Gatekeeper controls
Description: This issue has been discovered with improved limitations.

DesktopServices
was addressed with improved controls.

EFI
Available for: macOS Mojave 10.14.4
Influence: A user may be unexpectedly logged on to another user's account
Description: An authentication problem was addressed

StreamingZip
Available for: macOS Mojave 10.14.4
Influence: A local user may be able to change protected parts of the file system
Description: A validation problem existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

Touch Bar Support
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption problem was handled with improved memory management.

The Mojave update includes brand new microcode (using an EFI firmware update) to reduce speculative execution issues in Intel processors. You can remember that Specter and Meltdown were speculative execution exploits, followed by Foreshadow-NG (addressed in macOS Mojave 10.14.1), and now there is a new attack called ZombieLoad (discussed on episode 83 in Intego Mac Podcast). More about the microcode's content in the update can be found in Apple's documentation here. In particular, users must manually activate complete reduction through a manual process, if they choose to do so; It can lead to up to 40% reduction in system performance for some tasks, and since the vulnerability is not known to be exploited remotely, Apple does not allow full reduction by default. Keep up to date with an Intego article on ZombieLoad for further information.

The complete list of security issues addressed to macOS can be found here. MacOS Mojave, High Sierra and Sierra users can install the updates via the Apple menu > System Settings … > Software Update .

iTunes Device Support Update

MacOS users can also see an iTunes Device Support Update in the list of available software updates. Listed as an update that ensures the correct update and recovery of iOS devices using iTunes for Mac, no further details are provided by Apple, so what this update does exactly is currently unknown. No security related repairs are mentioned for this update.

Back up your Macs and IOS devices before updating

Whether you're using iOS or MacOS, always back up your data before installing any updates. This gives you a restore point if something doesn't go as planned.

See also our related article about checking your MacOS backups:

How to confirm that your backups are working properly