Tag: Security

Multiple active exploits could affect iPhone use of Bluetooth.

Flipper Zero hacker tool could be used to trigger iPhone DDoS attack using Bluetooth signals by AirPods, HomeKit accessories, etc. These signals usually trigger popup on iPhone allowing to connect to headphones or perform other actions. Crafting these signals in a specific way could result in iOS restart.

Newly discovered BLUFFS attack could be used to impersonate devices and trigger disclosure of private information. It is not yet clear, if AirDrop is affected by this attack as it uses more than just Bluetooth to authenticate the device. However, it is still possible to hijack audio or other Bluetooth connection. Fix would require device manufacturers to modify security mechanisms of Bluetooth stack.

References:

• Flipper Zero can still crash iPhones running the latest version of iOS 17
• Bluetooth security flaws allow connections to be hijacked; AirDrop unlikely to be affected [U]

Apple releases iOS/iPadOS 17.1.2 and macOS Sonoma 14.1.2. No new features are added, update brings security fixes and stability updates. Fix targets issues with WebKit.

References:

• iOS 17.1.2 and iPadOS 17.1.2
• macOS 14.1.2
• iOS 17.1.2 & Sonoma 14.1.2 updates stop browsers from leaking personal data
• iOS 17.1.2 and macOS Sonoma 14.1.2 patch 2 actively exploited vulnerabilities
• Apple Releases iOS 17.1.2 With Security Fixes
• Apple Releases macOS Sonoma 14.1.2 With Bug Fixes
• Apple releases iOS 17.1.2 and macOS Sonoma 14.1.2 security updates

Apple releases iOS/iPadOS 17.1, macOS Sonoma 14.1, watchOS 10.1 and tvOS 17.1. HomePod software is also updated to 17.1. Previous iOS releases also got important security updates – 15.8 and 16.7.2.

No corresponding Xcode release is published.

iOS 17.1 brings various improvements including AirDrop over Internet, StandBy enhancements, Apple Music updates and various other updates and fixes.

watchOS 10.1 brings NameDrop feature and activates Double Tap on Series 9 and Ultra 2 models.

tvOS 17.1 and HomePod software 17.1 bring Enhance Dialogue feature to original HomePod and HomePod mini.

iOS 17.1

AirDrop

• Content continues to transfer over the internet when you step out of AirDrop range

StandBy

• New options to control when the display turns off (iPhone 14 Pro, iPhone 14 Pro Max, iPhone 15 Pro, and iPhone 15 Pro Max)

Music

• Favorites expanded to include songs, albums, and playlists, and you can filter to display your favorites in the library
• New cover art collection offers designs that change colors to reflect the music in your playlist
• Song suggestions appear at the bottom of every playlist, making it easy to add music that matches the vibe of your playlist

This update also includes the following improvements and bug fixes:

• Option to choose a specific album to use with Photo Shuffle on the Lock Screen
• Home key support for Matter locks
• Improved reliability of Screen Time settings syncing across devices
• Fixes an issue that may cause the Significant Location privacy setting to reset when transferring an Apple Watch or pairing it for the first time
• Resolves an issue where the names of incoming callers may not appear when you are on another call
• Addresses an issue where custom and purchased ringtones may not appear as options for your text tone
• Fixes an issue that may cause the keyboard to be less responsive
• Crash detection optimizations (all iPhone 14 and iPhone 15 models)
• Fixes an issue that may cause display image persistence

Some features may not be available for all regions or on all Apple devices. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

iPadOS 17.1

AirDrop

• Content continues to transfer over the internet when you step out of AirDrop range

Music

• Favorites expanded to include songs, albums, and playlists, and you can filter to display your favorites in the library
• New cover art collection offers designs that change colors to reflect the music in your playlist
• Song suggestions appear at the bottom of every playlist, making it easy to add music that matches the vibe of your playlist

Apple Pencil

• Support for Apple Pencil (USB-C)

This update also includes the following improvements and bug fixes:

• Option to choose a specific album to use with Photo Shuffle on the Lock Screen
• Home key support for Matter locks
• Improved reliability of Screen Time settings syncing across devices
• Fixes an issue that may cause the keyboard to be less responsive

Some features may not be available for all regions or on all Apple devices. For information on the security content of Apple software updates, please visit this website:https://support.apple.com/kb/HT201222

macOS Sonoma 14.1

This update provides enhancements, bug fixes, and security updates for your Mac including:

• Favorites expanded in Music to include songs, albums, and playlists, and you can filter to display your favorites in the library
• Apple warranty status for Mac, AirPods, and Beats headphones and earbuds are available in System Settings
• Fixes an issue where the System Services settings within Location Services may reset
• Fixes an issue that may prevent encrypted external drives from mounting

Some features may not be available for all regions, or on all Apple devices.

For detailed information about the security content of this update, please visit: https://support.apple.com/kb/HT201222

watchOS 10.1

watchOS 10.1 includes new features, improvements, and bug fixes, including:

• Double tap gesture can be used to perform the primary action in notifications and most apps so you can answer a call, play and pause music, stop a timer, and more (Available on Apple Watch Series 9 and Apple Watch Ultra 2)
• NameDrop allows you to exchange contact information with someone new by simply bringing your Apple Watch near their iPhone with iOS 17 or Apple Watch (Available on Apple Watch SE 2, Apple Watch Series 7 and later, and Apple Watch Ultra)
• My Card is available as a complication for quick access to NameDrop
• Fix for bug that causes the climate section in the Home app to be blank
• Addresses an issue that causes a white selection border to be unexpectedly displayed after turning off AssistiveTouch
• Fixes an issue where cities may not sync between iPhone and watch in Weather
• Resolves an issue where the scroll bar may unexpectedly be visible on the display
• Fix for bug that causes elevation to be incorrect for some users

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

HomePod software 17.1

Software version 17.1 adds support for Enhance Dialogue on HomePod mini and HomePod (1st generation) so you can hear spoken voices more clearly over effects, action, and music in a movie or TV show when paired with Apple TV 4K. This update also includes bug fixes and stability improvements.

Apple Newsroom: Apple Watch double tap gesture now available with watchOS 10.1

References:

• Apple Brings Enhance Dialogue to Original HomePod and HomePod mini With 17.1 Update
• Apple Releases watchOS 10.1 With Double Tap, NameDrop and More
• Apple releases iOS 17.1 with AirDrop, StandBy, and Music features plus 7 bug fixes
• Apple Releases iOS and iPadOS 17.1 with New Apple Music Features, Small iPad Enhancements, and More
• Apple Releases macOS Sonoma 14.1
• Hands on with all the new features in iOS 17.1
• WebKit Features in Safari 17.1
• iOS 17.1 patches these 18 security flaws
• Everything You Can Do With the Double Tap Gesture on Apple Watch

Early tests show that in order to mitigate overheating issue Apple did not throttle iPhone performance in iOS 17.0.3 update. 9To5Mac reports that Geekbench tests for iOS 17.0.3 are even slightly better than iOS 17.0.2.

On the other hand, support document highlights important kernel and WebRTC fixes in iOS 17.0.3.

Additional security updates were released for iOS/iPadOS – 16.7.1.

Apple Support: About the security content of iOS 17.0.3 and iPadOS 17.0.3

References:

• Does iOS 17.0.3 slow down the iPhone 15 Pro to prevent overheating? Here’s what preliminary tests show
• iOS 17.0.3 fixes security breach that had been actively exploited
• Apple Releases iOS 16.7.1 for Older iPhones and iPads
• Apple releases iOS 16.7.1 with important security fixes for non-iOS 17 users

Apple issues bug fix release for iOS and iPadOS – 17.0.3. This should fix issues causing iPhone 15 models to overheat.

Update also address security issue which was actively exploited.

Reference: iOS 17.0.3 fixes security breach that had been actively exploited

Apple releases next major release of macOS – Sonoma.

macOS Sonoma brings all‑new capabilities that elevate your productivity and creativity. Discover even more ways to personalize your Mac with stunning screensavers and widgets that you can add to your desktop. Elevate your presence on video calls with a new way to present your work that keeps you a part of the presentation. Safari profiles and web apps help you organize your browsing in all-new ways. Game Mode boosts your gaming performance. Sonoma also brings big updates to Messages, Keyboard, and Accessibility. And when you upgrade, you get the latest security and privacy protections available for Mac.

Screen Savers

• Stunning screen savers of locations from around the world seamlessly become your desktop wallpaper when you log-in
• Shuffle settings for rotating through screensavers by theme including Landscape, Cityscape, Underwater, and Earth

Widgets

• Widgets can be placed anywhere on the desktop and adapt to the color of your wallpaper while working in apps
• iPhone widgets can be added to your Mac when your iPhone is nearby or on the same Wi-Fi network
• Interactive widgets let you take actions directly from the widget such as running a shortcut, pausing media, and more

Video Conferencing

• Presenter Overlay keeps you front and center while sharing your screen in FaceTime or third-party video conferencing apps (Mac with Apple silicon)
• Reactions layer 3D effects like hearts, balloons, confetti, and more around you in video calls and can be triggered with gestures (Mac with Apple silicon, Continuity Camera with iPhone 12 and later)

Safari and Passwords

• Profiles keep your browsing separate for topics like work and personal, separating your history, cookies, extensions, Tab Groups, and favorites
• Web apps let you use any website like an app, complete with an icon in the Dock for faster access and a simplified toolbar for easier browsing
• Enhanced Private Browsing locks your private browsing windows when you're not using them, blocks known trackers from loading, and removes tracking that identifies you from URLs
• Password and passkey sharing allows you to easily share accounts with trusted contacts

Messages

• Live Stickers sync from iOS and iPadOS to macOS, giving you access to the Live Stickers you create on your iPhone and iPad
• Search filters for people, keywords, and content types like photos or links help you more easily find what you are looking for
• Swipe to reply inline on any iMessage bubble

Gaming

Game Mode gives games the highest priority on the CPU and GPU, delivering more consistent frame rates and lower latency to wireless controllers and AirPods (Mac with Apple silicon)

Keyboard

• Improved autocorrect accuracy makes typing even easier by leveraging a more powerful transformer-based language model
• Inline predictive text shows single- and multi-word predictions that you can add by pressing the Space bar
• Improved Dictation experience supports using your voice and keyboard together to enter and edit text

AirPods

• Adaptive Audio delivers a new listening mode that dynamically blends Active Noise Cancellation and Transparency to tailor the noise control experience based on the conditions of your environment (AirPods Pro (2nd generation) with the latest firmware)
• Personalized Volume adjusts the volume of your media in response to your environment and listening preferences over time (AirPods Pro (2nd generation) with the latest firmware)
• Conversation Awareness lowers your media volume and enhances the voices of the people in front of the user, all while reducing background noise (AirPods Pro (2nd generation) with the latest firmware)
• Press to mute and unmute your microphone by pressing the AirPods stem or the Digital Crown on AirPods Max when on a call (AirPods (3rd generation), AirPods Pro (1st and 2nd generation), or AirPods Max with the latest firmware)
• Improved AirPods automatic switching now detects Mac up to 2X faster (AirPods (2nd and 3rd generation), AirPods Pro (1st and 2nd generation), AirPods Max with the latest firmware)

Privacy

• Sensitive Content Warnings can be enabled to help prevent users from unexpectedly viewing sensitive images in Messages
• Expanded Communication Safety protections for children now detect videos containing nudity in addition to photos shared through Messages and the system Photos picker
• Improved sharing permissions let you choose which photos to share and add calendar events without providing access to your entire photo library or calendar

Accessibility

• Live Speech lets you type what you want to say and reads it aloud in FaceTime calls or in-person conversations
• Personal Voice helps users at risk of speech loss create a voice that sounds like them in a private and secure way using on-device machine learning
• Made for iPhone compatible hearing devices can be paired and used with Mac (MacBook Pro (2021), Mac Studio (2022), and Mac computers with M2 chip)

This release also includes other features and improvements:

• One-Time verification code AutoFill from Mail helps you quickly sign into sites in Safari, without leaving the browser
• Inline PDFs and document scans in Notes are presented full-width making them easy to view
• Grocery Lists in Reminders automatically group related items into sections as you add them
• Visual Look Up for recipes helps you find similar dishes from photo
• Visual Look Up in video helps you learn about objects that appear in paused video frames
• Pets in the People album in Photos surfaces individual pets just like friends or family members
• Option to say "Siri" in addition to "Hey Siri" for a more natural way to activate Siri (Mac with Apple silicon, AirPods Pro (2nd generation))
• High performance mode in Screen Sharing supports color workflows and improves responsiveness while remotely accessing a Mac (Mac with Apple silicon)
• Item sharing in Find My allows you to share an AirTag with up to five other people
• Activity History in Home displays a recent history of events for door locks, garage doors, security systems, and contact sensors
• Battery health management updated on 13-inch MacBook Air with M2 chip to better optimize long term battery health

Some features may not be available for all regions or on all Apple devices.

macOS Sonoma also includes several important security fixes.

Apple Newsroom: macOS Sonoma is available today

Release notes: macOS Sonoma 14 Release Notes

References:

• Apple Releases macOS Sonoma With New Widget Features, Safari Updates, Screen Sharing Improvements and More
• macOS Sonoma: The MacStories Review
• macOS Sonoma Optimizes Latest 13-Inch MacBook Air's Battery Health
• Apple releases macOS Sonoma with interactive desktop widgets, Game Mode, new wallpapers, much more
• macOS 14 Sonoma
• macOS Sonoma includes these 61 security fixes
• macOS Sonoma Features You Should Check Out First
• Apple Explains How Game Mode Works in macOS Sonoma

Less than a week after releasing major updates Apple provides iOS/iPadOS 17.0.1 and watchOS 10.0.1 updates with important security fixes and also iOS 17.0.2 for iPhone 15 models.

Also, iOS/iPadOS 16.6, macOS Ventura 13.6 and watchOS 9.6.3 are released.

References:

• iOS 17.0.1 re-patches 3 actively exploited security flaws
• Apple Releases iOS 17.0.1 and iPadOS 17.0.1 With Bug Fixes, Plus iOS 17.0.2 for iPhone 15 Models
• Apple Releases macOS Ventura 13.6 With Security Fixes
• Apple Releases watchOS 10.0.1 With Bug Fixes

Apple issues iOS/iPadOS 15.7.9, macOS 11.7.10, macOS 12.6.9. These updates fix important security issues including remote code execution with specially crafted image.

References:

• macOS 12.6.9 and macOS 11.7.10
• Apple releases iOS 15.7.9 with ‘important security fixes’
• Apple Releases iOS 15.7.9, iPadOS 15.7.9, macOS 12.6.9 and macOS 11.7.10

Apple releases iOS and iPadOS 16.6.1, macOS Ventura 13.5.2 and watchOS 9.6.2. These releases contain security updates addressing zero day vulnerabilities.

Apple Support:

• About the security content of macOS Ventura 13.5.2
• About the security content of iOS 16.6.1 and iPadOS 16.6.1
• About the security content of watchOS 9.6.2

References:

• iOS 16.6.1 for iPhone now available with important security fixes
• PSA: Make Sure to Update, iOS 16.6.1 and macOS 13.5.2 Address Actively Exploited Vulnerability
• Apple fixed zero-day exploit used by Pegasus spyware with iOS 16.6.1
• Exploit patched in iOS 16.6.1 update delivered Pegasus spyware
• iOS 16.6.1 patches security vulnerabilities in Wallet and more

Exploit in macOS App Management subsystem allowing modification of signed applications was reported to Apple 10 months ago, but is still not resolved. Apple did fix other exploits though.

Johnson says the overwriting of the file completely bypasses App Management in macOS 13.5.1. "The straightforwardness and ease of the bypass is truly stunning."

AppleInsider

No comments from Apple are currently available.

Jeff Johnson: macOS 0day: App Management

Reference: macOS Ventura App Management exploit revealed 10 months after discovery