Apple released security updates that fix vulnerabilities in iOS, macOS, iPadOS, Safari, tvOS and other products. This post includes new Apple updates and CVEs.
iOS 13.1 is the first security update since Apple released iOS 13 a week ago. The update also includes iPadOS 13.1 and a fix for one VoiceOver vulnerability CVE-2019-8775. This issue could allow someone with physical access to an iOS device to access contacts from the lock screen.
A few of the iOS 13 security and privacy enhancements Apple released last week include:
- App location permissions: users can control whether an app can access your location any time you use the app.
- App location transparency: users will receive notifications when an app is using your location in the background (and decide to update your permission).
- Wi-Fi and Bluetooth location privacy enhancements: API changes and new controls help prevent apps from accessing your location without your consent while you’re using Wi-Fi and Bluetooth.
- Location controls for shared photos: users can control whether they share their location when sharing photos.
Apple also added iOS feature enhancements, such as ‘Hide my email’ and ‘Sign in with Apple ID.’ The latter now requires users to protect their Apple ID with two-factor authentication.
Apple also released security updates for watchOS 5.3.2, Safari 13.0.1 and tvOS 13. There are no CVE entries for the Apple TV Software 7.4 update.
In addition, Apple provided updates for macOS Mojave 10.14.6 Supplemental Update 2, Security Update 2019-005 High Sierra, Security Update 2019-005 Sierra. Only one ‘out-of-bounds read’ vulnerability CVE-2019-8641 was fixed with improved input validation.
Finally, check out Apple’s Security Updates site for complete listing of the most recent security updates.
Update 9/27: this post was updated with additional Apple updates and CVEs that were not previously available.