Apple has released security updates to address vulnerabilities in iOS 14.0, iPadOS 14.0, watchOS 7.0, Safari 14.0, tvOS 14.0 and Xcode 12.0. Apple also added new Privacy features for iOS 14.0.
A hacker could exploit some of these vulnerabilities to take control of affected devices.
iOS and iPadOS 14.0
The latest iOS 14.0 and iPadOS 14.0 security update addresses 11 vulnerabilities.
Apple also added new Privacy features for iOS 14.0. For example, you will see a new recording feature (on top right of screen) that displays whether an app is using your microphone or camera.
Furthermore, Apple also added new information on the App Store to help iPhone users understand the privacy practices of every app before they download them.
The vulnerabilities impact iPhone 6s (and later), iPod touch 7th generation, iPad Air 2 (and later), and iPad mini 4 (and later) versions.
One of the vulnerabilities CVE-2020-9959 affects Siri, whereby someone with physical access to an iOS device may be able to access messages on a locked device. The issue was fixed with improved state management.
In addition, a Phone screen lock vulnerability CVE-2020-9946 was also fixed, whereby the screen lock may not engage after the specified time period.
To add, a WebKit vulnerability CVE-2020-9952 was also fixed, that could otherwise lead to cross site scripting attack.
The latest Apple watch 7.0 security update addresses 4 vulnerabilities that impact Apple Watch Series 3 and later models.
Similar to the iOS updates, Apple also addressed the same screen lock vulnerability CVE-2020-9946 and Webkit vulnerability CVE-2020-9952 with watchOS 7.0.
The Safari 14.0 update fixes 4 WebKit vulnerabilities and is available for macOS Catalina and macOS Mojave.
If left unpatched, the Webkit vulnerabilities could lead to arbitrary code execution, code execution or cross-site scripting.
The tvOS 14.0 update fixes 4 vulnerabilities to include the same screenlock and WebKit vulnerabilities addressed in the iOS and watchOS updates.
The update is available for Apple TV 4K and Apple TV HD.
Finally, the Apple Xcode 12.0 update patches just a single IDE Device Support vulnerability CVE-2020-9992.
An attacker with privileges could execute arbitrary code on a paired device during a debug session over the network.
The update is available for macOS Mojave 10.15.4 (and later).
Readers can also check out the Apple Security Updates page for all the latest updates.