Tag: Security

Apple publishes updates to some of its operating systems. iOS, iPadOS, watchOS and macOS 13.2 get updates. tvOS and HomePod software are not yet updated. Also, no new Xcode is released.

This update also brings iCloud Advanced Data Protection to all users worldwide.

iOS 16.3

This update includes the following enhancements and bug fixes:

• New Unity wallpaper honors Black history and culture in celebration of Black History Month
• Security Keys for Apple ID allow users to strengthen the security of their account by requiring a physical security key as part of the two factor authentication sign in process on new devices
• Support for HomePod (2nd generation)
• Emergency SOS calls now require holding the side button with the up or down volume button and then releasing in order to prevent inadvertent emergency calls
• Fixes an issue in Freeform where some drawing strokes created with Apple Pencil or your finger may not appear on shared boards
• Addresses an issue where the wallpaper may appear black on the Lock Screen
• Fixes an issue where horizontal lines may temporarily appear while waking up iPhone 14 Pro Max
• Fixes an issue where the Home Lock Screen widget does not accurately display Home app status
• Addresses an issue where Siri may not respond properly to music requests
• Resolves issues where Siri requests in CarPlay may not be understood correctly

Some features may not be available for all regions or on all Apple devices. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

iPadOS 16.3

This update includes the following enhancements and bug fixes:

• Security Keys for Apple ID allow users to strengthen the security of their account by requiring a physical security key as part of the two factor authentication sign in process on new devices
• Support for HomePod (2nd generation)
• Fixes an issue in Freeform where some drawing strokes created with Apple Pencil or your finger may not appear on shared boards
• Addresses an issue where Siri may not respond properly to music requests

Some features may not be available for all regions or on all Apple devices. For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

watchOS 9.3

watchOS 9.3 includes new features, improvements and bug fixes, including new Unity Mosaic watch face to honor Black history and culture in celebration of Black History Month.

For information on the security content of Apple software updates, please visit this website: https://support.apple.com/kb/HT201222

macOS Ventura 13.2

This update introduces Security Keys for Apple ID, and includes other enhancements and bug fixes for your Mac.

• Security Keys for Apple ID allow users to strengthen the security of their account by requiring a physical security key to sign in
• Fixes an issue in Freeform where some drawing strokes created with Apple Pencil or your finger may not appear on shared boards
• Fixes an issue where VoiceOver may stop offering audio feedback while you are typing

Some features may not be available for all regions, or on all Apple devices. For detailed information about the security content of this update, please visit: https://support.apple.com/kb/HT201222

Updates to previous platforms

Apple also updates OS releases for devices which could be be updated to latest software. These updates were releases with security fixes:

• iOS 12.5.7
• iOS 15.7.3
• iPadOS 15.7.3
• macOS Big Sur 11.7.3
• macOS Monterey 12.6.3

References:

• Apple Releases watchOS 9.3 With New Watch Face, Bug Fixes
• Apple releases macOS 13.2 with support for Security Keys, 20 security fixes, and more
• Apple gives some older iPhones OS updates, going back to iPhone 5s
• iOS 16.3 Features: Everything New in iOS 16.3

One of the updates coming to upcoming release is availability of iCloud Advanced Data Protection for all users worldwide.

Reference: iOS 16.3 brings iCloud Advanced Data Protection feature to all users worldwide

Apple releases RC for iOS/iPadOS 16.3, macOS 13.2 Ventura, watchOS 9.3 and tvOS 16.3. Apple announced that release will be available next week.

This update includes the following enhancements and bug fixes:
- New Unity wallpaper honors Black history and culture in celebration of Black History Month 
- Security Keys for Apple ID allow users to strengthen the security of their account by requiring a physical security key as part of the two factor authentication sign in process on new devices 
- Support for HomePod (2nd generation) 
- Emergency SOS calls now require holding the side button with the up or down volume button and then releasing in order to prevent inadvertent emergency calls 
- Fixes an issue in Freeform where some drawing strokes created with Apple Pencil or your finger may not appear on shared boards 
- Addresses an issue where the wallpaper may appear black on the Lock Screen 
- Fixes an issue where horizontal lines may temporarily appear while waking up iPhone 14 Pro Max 
- Fixes an issue where the Home Lock Screen widget does not accurately display Home app status 
- Addresses an issue where Siri may not respond properly to music requests 
- Resolves issues where Siri requests in CarPlay may not be understood correctly

Apple

iOS/iPadOS 15.7.3 RC is also released with security bugfixes.

Beta download: Operating Systems

Release notes are not updated for Release Candidate.

References:

• iOS 16.3 coming next week with these new features for iPhone
• Apple Seeds Release Candidate Versions of iOS 16.3 and iPadOS 16.3 to Developers

Apple continues to beta test iOS/iPadOS 16.3, macOS 13.2, watchOS 9.3 and tvOS 16.3. New round of beta versions also comes without new Xcode beta.

No notable changes are reported for this beta round so far.

Beta download: Operating Systems

Release notes notes do not indicate any changes too.

Just yesterday Apple also published new Rapid Security Response to macOS 13.2 beta 1.

References:

• Apple Releases Second Rapid Security Response Update for macOS Ventura 13.2 Beta
• iOS 16.3 beta 2 now rolling out to developers, here’s what’s new so far

Each year during January developers using App Store should submit report on encryption usage in their apps for the past calendar year.

Reports should be emailed to Bureau of Industry and and the ENC Encryption Request Cordinator at crypt-supp8@bis.doc.gov and enc@nsa.gov.

This report must be submitted even if apps only use platform standard encryption components (such as HTTPS connections).

Online tool might be helpful for report generation.

Tool: BIS Annual Self-Classification Report Generator

Earlier last week, a researcher/programmer/ethical hacker Matt Kunze released a blog post detailing a severe vulnerability of Google smart home speakers that could give hackers remote control over the devices. In his blog post, Matt details how the vulnerability was discovered and then explains in frightening detail exactly how this backdoor could be used to access a wide range of commands and actions using the affected Google speaker.

The potential for attack stemmed from a vulnerability that could allow someone to add themselves to the Google Home App. From there, a hacker could control devices connected to the account. Once connected, an attacker could utilize voice commands to activate the microphone on a given device. You can imagine how much chaos could ensue from that point. The device could potentially be used to do anything that the Google speaker was capable of as it relates to any other connected devices in the home.

more:

https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html

Okta has confirmed that it’s responding to another major security incident after a hacker accessed its source code following a breach of its GitHub repositories.

More:

https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/

Following couple of Rapid Security Responses for iOS 16.2 betas, Apple now tests this update channel on macOS 13.2 beta.

No information behind the contents of this Security Response, probably this is just a test of update delivery mechanism.

Reference: Apple Releases Rapid Security Response Update for macOS Ventura 13.2 Beta

Apple publishes iOS/iPadOS 16.3 beta 1, macOS 13.2 beta 1, watchOS 9.2 beta 1 and tvOS 16.3 beta 1. No corresponding Xcode beta is there yet.

iOS 16.3 and macOS 13.2 beta 1 bring support for hardware security keys for Apple ID second factor announced recently. iOS beta also now shows guidance on HomePod handoff process.

Apple Developer: Get ready with the latest beta releases

Beta download: Operating Systems

Release notes:

• iOS & iPadOS 16.3 Beta Release Notes (no important notes)
• macOS Ventura 13.2 Beta Release Notes
• watchOS 9.3 Beta Release Notes (no important notes)
• tvOS 16.3 Beta Release Notes (no important notes)

References:

• iOS 16.3 and macOS Ventura 13.2 Betas Add Support for Physical Apple ID Security Keys
• iOS 16.3 beta guides users on how to use Handoff from iPhone to HomePod

Following recent RC Apple now releases iOS/iPadOS 16.2, macOS 13.1 Ventura, watchOS 9.2 and tvOS 16.2. Xcode 14.2 is also released.

HomePodOS received corresponding update (which is required for Home updates and Matter support).

Apple also releases security bug fixes for previous OS releases - iOS 15 and macOS 11 Big Sur and macOS 12 Monterey.

This update brings several important updates:

• iCloud Advanced Data Protection;
• Support for Rapid Security Responses;
• Freeform application;
• Apple Music Sing;
• New Apple Watch workout modes;
• Apple Home reliability improvements;
• iPadOS external display support.

Apple Newsroom: Apple launches Freeform: a powerful new app designed for creative collaboration

References:

• iOS 16.2 rolling out today with Apple Music Sing, Freeform app, much more
• Apple Releases New HomePod 16.2 Software
• Apple Releases iOS 16.2 and iPadOS 16.2 With Freeform, Apple Music Sing, Advanced Data Protection and More
• Apple Releases watchOS 9.2 With Outdoor Workout Improvements, Crash Detection Optimizations, Noise App Tweaks and More
• Apple Releases tvOS 16.2 with Apple Music Sing, TV App Tweaks and More
• iPadOS 16.2 and Stage Manager for External Displays: Work in Progress, But Worth the Wait
• Apple Releases macOS Ventura 13.1 With Freeform, Advanced Data Protection, Find My Improvements and More
• Freeform Leverages the Freedom and Flexibility of a Blank Canvas
• Apple's Advanced Data Protection feature is here - what you need to know
• iPadOS 16.2 brings these improvements for Stage Manager, plus AirTag tracking alerts
• Hands on with Apple's Freeform collaborative brainstorming app
• watchOS 9.2 now available for Apple Watch; here’s everything new
• iOS 16.2 patches over a dozen security vulnerabilities, iOS 15.7.2 also available with fixes
• Apple Music launches collection of playlists with songs perfect for ‘Sing’ karaoke feature
• iOS 16.2 and iPadOS 16.2
• macOS 13.1
• iOS 16.2 and iPadOS 16.2 Fix Over 30 Security Vulnerabilities
• Xcode 14.2 released with support for iOS 16.2, macOS Ventura 13.1
• Xcode 14.2 Release
• Apple Watch Ultra gains battery improvement with watchOS 9.2 and Multisport workouts
• New Apple Music Sing Playlists Now Available in iOS 16.2
• 9to5Mac Daily: December 13, 2022 – Everything new in iOS 16.2, macOS 13.1, and more
• iOS 16.2 Features: Everything New in iOS 16.2