September 27, 2020

Apple security updates: fixing dozens of product vulnerabilities


Apple Inc. recently released a series of updates to address dozens of vulnerabilities across its products, including macOS, iOS, Safari, tvOS, iTunes, and iCloud for Windows.

The newly released macOS High Sierra 10.14.4 contains patches for 35 security vulnerabilities. Components affected include AppleGraphicsControl, CFString, Bom, configd, Contacts, CoreCrypto, DiskArbitration, FaceTime and more. Some of these vulnerabilities could lead to arbitrary code execution, buffer overflows, denial of service, and race conditions. As part of Security Update 2019-002 High Sierra and Security Update 2019-002 Sierra, these patches apply to all devices running macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.3.


Meanwhile, the iOS 12.2 release fixes 51 security vulnerabilities involving CFString, configd, Contacts, CoreCrypto, Exchange ActiveSync, FaceTime, Feedback Assistant, GeoServices, iAP, IOHIDFamily, IOKit, Kernel and more. These vulnerabilities could lead to buffer overflows, denial of service, arbitrary code execution, S/MIME signature spoofing, and leaks of sensitive user information.

The latest version, Safari 12.1, includes fixes for 20 security vulnerabilities that could lead to disclosure of sensitive user information, disclosure of process memory, and arbitrary code execution with system privileges. The updated browser is available for macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and Mojave 10.14.4.

Apple also released iTunes 12.9.4 for Windows (iCloud for Windows 7.11), which contains fixes for 19 security flaws. Also released is iCloud 7.5 for Windows (iCloud for Windows 7.5) to fix similar security vulnerabilities.