Apple Patched Nearly a Dozen Vulnerabilities And Introduced New Privacy Features

Apple

With the introduction of iOS 14 and iPadOS 14 this week, Apple has fixed about a dozen flaws, and added new privacy tools.

A different component of the operating system impacts each of the security flaws addressed, namely AppleAVD, Assets, Icons, IDE Device Support, IOSurfaceAccelerator, Keyboard, Model I / O, Phone, Sandbox, Siri, and WebKit.

Applications that may cause a system crash or write kernel memory, identify other installed applications, leak user information, or access restricted files may result in problems; may allow attackers to download malicious content, execute arbitrary code, or view notification content from the lockscreen; may lead to execution of arbitrary code or a cross-site scripting attack; may allow for use

The app upgrades to iOS 14.0 and iPadOS 14.0 are available for iPhone 6s and later, iPod touch 7th edition, iPad Air 2 and later, and iPad mini 4 and later.

In addition to security patches, the upgrades also include numerous other changes, including new protection and privacy features, such as reminders when the camera or microphone is recording, or copying and pasting of data.

Starting with the new platform iteration, users can deny access to precise location for applications, and are also informed about applications that request local network access. They can also use a new functionality, which offers a random “private” MAC address while trying to link to a Wi-Fi network.

Apple also announced this week that security patches are available in watchOS 7.0 (with four vulnerabilities in Keyboard, Phone, Sandbox, and WebKit) and tvOS 14.0 (with four bugs in Assets, Keyboard, Sandbox, and WebKit) respectively.

This week, Safari 14.0 was released with patches for four WebKit bugs that could lead to arbitrary code execution or cross-site scripting attacks, and macOS Catalina and macOS Mojave are available for download.

Apple also announced Xcode 12.0 release, which patches a bug in IDE Device Support that could allow “an attacker in a privileged network position […] to execute arbitrary code on a paired device during a network debug session.”

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.