قالب وردپرس درنا توس
Home / Mac / Apple releases iOS 12.4, macOS Mojave 10.14.6 and more security updates

Apple releases iOS 12.4, macOS Mojave 10.14.6 and more security updates



Security & Privacy

Apple Releases iOS 12.4, macOS Mojave 10.14.6 and More Security Updates

Posted on
July 22, 2019 by

Jay Vrijenhoek and Joshua Long

Today, Apple provided updates for all its operating systems and the Safari browser for Mac. Here is a brief overview of new features and security related fixes included with each update.

iOS 12.4

Apple says this update introduces a new "iPhone migration" feature, allowing customers to directly transfer data from an old iPhone to a new iPhone wirelessly during the installation process. It also includes enhancements to Apple News and adds support for HomePod in Japan and Taiwan.

As usual, this iOS update includes security enhancements for any device that supports iOS 12: iPhone 5s and above, iPad Air and later, or iPod touch 6th generation and later. A total of 37 security issues were addressed. A handful of highlights:

FaceTime
Effect: An external attacker may be able to cause arbitrary code execution
Description: A memory corruption problem was addressed with improved input validation.

Messages
Impact: An external attacker may cause an unexpected application termination
Description: Service denial issue was addressed with improved validation.

Siri
Consequence: An External Attacker May Be Able to Leak Memory
Description: An outside boundary was addressed with enhanced input validation.

Telephony
Effect: The initiator of a phone call may be able to get the recipient to respond to a simultaneous Walkie-Talkie connection
Description: A logic problem existed in answering phone calls. The problem was solved with improved government control.

Wallet
Effect: A user can unintentionally carry out a purchase in the app while on the lock screen
Description: The problem was addressed with improved user management.

Of the 37 corrections, 22 were WebKit, Apple's web rendering engine. All in all, a large amount of CVEs were addressed in this update, so it is recommended to install it earlier than later.

The complete list of addressed security issues can be found here. iOS 12.4 can be downloaded over the air by going to Settings > General > Software Update . You can also connect your iOS device to your Mac and let iTunes download and install the update for you.

tvOS 12.4

Listed as an update that includes overall performance and stability improvements. Available for Apple TV HD and Apple TV 4K, a total of 32 security issues were addressed, most of which are the same as addressed in iOS 12.3. Among these corrections, Kernel, WebKit and Siri had all the work to make them safer.

The complete list of addressed security issues can be found here. The TVOS update can be downloaded directly to Apple TV by going to Settings > System> Software Updates> Check for Update .

Apple TV Software 7.3.1 [19659006] Apple also released a small update for Apple TV (3rd generation) containing "overall performance and stability improvements." No new features were listed as part of this update, and Apple's security update page indicates that there is " no published CVE entries " related to this update.

The update can be downloaded directly to the Apple TV off of Settings > General > Software updates > Update software .

watchOS 5.3

Apple says watchOS 5.3 "includes new features, enhancements and bug fixes and is recommended for all users." The most prominent solution is Apple's re-activation of the Walkie-Talkie feature, which Apple had disabled two weeks earlier due to a security issue (as discussed in section 92 of the Intego Mac Podcast).

The new watchOS update also supports two health features for users in Canada and Singapore: the ECG app on Apple Watch Series 4, and irregular heart rate alerts.

A total of 23 security-related issues were resolved, and as you might expect, these are the same as those addressed in iOS and tvOS.

The new watchOS can be installed by connecting the Apple Watch to the charger, then on the iPhone Apple Watch app > tab My Watch > General > Software Update .

Safari 12.1.2

The latest version of Safari for Mac – available for macOS High Sierra and Sierra users and included in macOS Mojave 10.14.6 – provides a few bug fixes and enhancements that enhance honest security. A total of 23 security issues were addressed, including 22 for WebKit; The remaining issue was in the Safari application itself, and had allowed malicious websites to spoil the address bar.

The complete list of addressed security issues can be found here. The new Safari 12.1.2 can be downloaded through the Updates tab of App Store . For macOS Mojave users, it is included in macOS 10.14.6.

macOS Mojave 10.14.6, Security update 2019-004 High Sierra, Security update 2019-004 Sierra

Of course, macOS also received updates. Mojave users were treated with both features and security updates, while High Sierra and Sierra users only received security updates.

Apple says the update of macOS Mojave 10.14.6 improves the stability and reliability of the Mac and is recommended for all users. Among the enhancements are improvements to Apple News +, and fixes related to a problem with Boot Camp on certain Macs with Fusion drives, a problem that can cause a hangout during a restart, a graphical problem that may occur when you wake up from sleep , a problem that can cause full-screen video to appear black on the Mac mini and the reliability of file sharing over the SMB.

In total, 44 security related issues were resolved in one or more of the three updates. These include:

Bluetooth
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory corruption problem was addressed with improved input validation.

FaceTime
Available for: macOS Mojave 10.14.5
Consequence: A remote attacker may be able to cause arbitrary code execution
Description: A problem with memory corruption was addressed with enhanced inndatvalidering.

Graphics Drivers
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.5
Effect: A program may be able to read limited memory
Description: A validation problem was addressed with improved entry cleaning.

Time Machine
Available for: macOS Mojave 10.14.5
Effect: The encryption status of a Time Machine backup may be incorrect
Description: An inconsistent problem with the user interface was solved with improved state control.

Siri
Available for: macOS Mojave 10.14.5
Consequence: An external attacker may be able to leak memory
Description: An out Read the boundaries were addressed with improved input validation.

The complete list of addressed security issues can be found here. MacOS Mojave, High Sierra and Sierra users can install the updates via the Apple menu > System Preferences … > Software Update .

iOS 9.3.6 and iOS 10.3.4

In an unexpected move, Apple also provided updates for iOS 9 and iOS 10, apparently only to solve GPS and time synchronization issues.

The updates are made available specifically for GPS-enabled devices that cannot be upgraded to the latest versions of iOS, which include the iPhone 5 and iPad (4th generation) Wi-Fi + Cellular – both of which receive iOS 10.3. 4 – and iPhone 4's, iPad mini (1st generation) Wi-Fi + Cellular, iPad 2 Wi-Fi + Cellular and iPad (3rd generation) Wi-Fi + Cellular – all of which receive iOS 9.3.6.

No update is available for iOS 11 because any device compatible with iOS 11 is also compatible with iOS 12.

According to Apple, the updates contain " no published CVE entries, " meaning that if any security-related issues were addressed, there is no public information about them at this time. It is very important to note that using devices with older versions of iOS is becoming increasingly unsafe ; Many serious security issues have been fixed in iOS 12 which will probably never be fixed in earlier versions of iOS.

Anyone who still uses an older iOS device should therefore consider upgrading to a model that will support iOS 13 or iPadOS 13, which will be released this fall. The following devices are believed to be compatible with iOS 13:

  • iPhone SE, iPhone 6s and 6s Plus, iPhone 7 and 7 Plus, iPhone 8 and 8 Plus, iPhone X, iPhone Xʀ, iPhone Xs and Xs Max, and upcoming iPhone models (Apple is expected to release new models this fall around the launch of iOS 13)
    • Note that the iPhone 5s and iPhone 6 and 6 Plus will no longer be supported and will probably not receive additional security updates.
  • iPod touch (7th generation)
    • Note that iPod touch (6th generation) will no longer be supported and will probably not receive additional security updates.
    • Shockingly this means that if you bought a new iPod touch as late as May 2019 and just before the launch of the new 7th gene model, your device may be as little as 4 months old when Apple stops release security updates for it (as discussed in section 87 of the Intego Mac Podcast).
  • iPad Air 2, iPad Air (3rd generation), iPad mini 4, iPad mini (5th generation), iPad (5th generation), iPad (6th generation), and all models of iPad Pro
    • Note that iPad Air and iPad mini 2 and 3 will no longer be supported and will probably not receive additional security updates.

Back up Macs and iOS devices before updating

Whether you & # 39; If you use iOS or MacOS, always back up your data before installing updates. This gives you a restore point in case something doesn't go as planned. The most thorough way to back up your iOS device is to connect it to your computer and create an encrypted backup via the iTunes app, but you can also back up your device to iCloud as well. For Mac Backups, see the related article:

How to verify your backups works properly

How can I learn more?

Every week at Intego Mac Podcast Intego's experts discuss the greatest security and privacy issues for users of Apple products – for example, the Walkie-Talkie vulnerability was discussed in section 92 and the likely interruption of the security updates for the 6th-gene iPod touch was discussed in section 87. Remember to subscribe to make sure you never miss the last episode. You will also subscribe to our newsletter and follow an eye here on Mac Security Blog for updates.

You can also follow Intego on your favorite social and media channels: Facebook, Instagram, Twitter and YouTube (click on 🔔 to be notified of new videos).

About Jay Vrijenhoek

Jay Vrijenhoek is an IT consultant with a passion for Mac security research. He conducts independent malware testing, and also writes about privacy and security issues on his blog's Security Spread. Follow him on Twitter at @SecuritySpread .
View all posts by Jay Vrijenhoek →

This entry was posted in Security and Privacy and tagged iOS, iPod Touch, Security Updates. Notice the permalink.


Source link