Apple has released a raft of patches for security issues affecting all its major product lines, spanning iOS, macOS and iPadOS and more.
Update 13.6 for iOS and iPadOS resolves 29 security deficiencies in total, with over a third of the fixes geared towards addressing the threat of remote code execution (RCE), whereby an attacker executes foreign code on a target device.
Four of these RCE flaws, discovered by researchers at Anti-financial Light-Year Security Lab, could be exploited by hackers using rigged audio files, while vulnerabilities in the WebKit browser engine could be triggered via malicious web pages.
Meanwhile, as part of the shift to Catalina 10.15.6, similar fixes were issued for macOS, which was also found to be vulnerable to arbitrary code execution via numerous different avenues.
In future, greater overlap is expected in security bugs found in iOS and macOS, with the two platforms sharing an increasing volume of common code – and therefore security issues.
Users are advised to apply the latest patches as soon as possible to safeguard against attack.
Apple security upgrades
Apple has built a stellar reputation in the context of security and user privacy – one the company is at pains to maintain moving forward, as a key differentiating factor over rival offerings.
The company recently unveiled a host of privacy upgrades set to feature in its new operating system, iOS 14. During its WWDC 2020 keynote, the company reiterated its commitment to user privacy, which was described as a “fundamental human right”, and set out a series of changes to its mobile platform.
The most significant new measure will require all developers to provide a summary of an app’s privacy practices and the data it collects, to be displayed before the user activates a download.
Apple likened the measure to “nutrition labels” displayed on food packaging, designed to provide simple-to-read, easily digestible information about a product. Apple’s privacy labels will highlight the types of personal data extracted by an app and shared with Apple, as well as the data that could also be delivered to third parties.
The way Apple handles location data will also be overhauled. Users will now be given the option to share their approximate location with an app (coarse location), as opposed to their precise location (fine location).
Via The Register