{"id":85402,"date":"2019-01-23T18:42:59","date_gmt":"2019-01-24T02:42:59","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=85402"},"modified":"2019-05-08T20:38:54","modified_gmt":"2019-05-09T03:38:54","slug":"apple-releases-ios-12-1-3-macos-mojave-10-14-3-and-more-security-updates","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/apple-releases-ios-12-1-3-macos-mojave-10-14-3-and-more-security-updates\/","title":{"rendered":"Apple releases iOS 12.1.3, macOS Mojave 10.14.3, and more security updates"},"content":{"rendered":"

\"\"<\/p>\n

This week Apple released updates for its iOS, watchOS, tvOS, and macOS operating systems, as well as for Safari for macOS and iCloud for Windows. Let’s take a look at what’s new\u2014both in terms of bug fixes and security improvements.<\/p>\n

iOS 12.1.3<\/h3>\n

Apple’s release notes listed iOS 12.1.3 as an update that:<\/p>\n

– Fixes an issue in Messages that could impact scrolling through photos in the Details view
\n– Addresses an issue where photos could have striped artifacts after being sent from the Share Sheet
\n– Fixes an issue that may cause audio distortion when using external audio input devices on iPad Pro (2018)
\n– Resolves an issue that could cause certain CarPlay systems to disconnect from iPhone XR, iPhone XS, and iPhone XS Max<\/p>\n

This release also includes bug fixes for HomePod. This update:<\/p>\n

– Fixes an issue that could cause HomePod to restart
\n– Addresses an issue that could cause Siri to stop listening<\/p><\/blockquote>\n

But there is more going on under the hood of course, including more than 31 security fixes. Here are a few notable ones:<\/p>\n

Bluetooth<\/strong>
\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
\nImpact: An attacker in a privileged network position may be able to execute arbitrary code
\nDescription: An out-of-bounds read was addressed with improved input validation.<\/p><\/blockquote>\n

CoreAnimation<\/strong>
\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
\nImpact: A malicious application may be able to read restricted memory
\nDescription: An out-of-bounds read was addressed with improved bounds checking.<\/p><\/blockquote>\n

FaceTime<\/strong>
\nAvailable for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
\nImpact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution
\nDescription: A buffer overflow issue was addressed with improved memory handling.<\/p><\/blockquote>\n

As you can see, some effort was put into making sure malicious applications and remote attackers cannot have their way with your data. At the core of the operating system, the kernel also received some attention; six issues were addressed that could have allowed a malicious application to access shared memory or run code with elevated privileges.<\/p>\n

Safari and many other parts of the operating system rely on the WebKit framework, and as usual, there is no shortage of WebKit related fixes in this release; nine issues were patched in total.<\/p>\n

With more than 31 security related issues addressed, iOS 12.1.3 is an update that should be installed sooner rather than later. As always, back up your iOS device<\/a> prior to updating just in case something does not go as planned.<\/p>\n

The full list of security fixes can be found here<\/a>. iOS users can update by going to Settings<\/strong> > General<\/strong> > Software Update<\/strong> on their devices, or by connecting the device to their computer where iTunes can download and install the update.<\/p>\n

watchOS 5.1.3 and\u00a0tvOS 12.1.2<\/h3>\n

Apple released OS updates for Apple Watch (Series 1 and later) and for Apple TV (fourth and fifth generation), with seemingly no reported non-security features or fixes\u2014but there are 17 or 24 reasons to update, respectively.<\/p>\n

Most of the issues addressed in watchOS and tvOS are the same as those addressed in iOS. To read the details, you can find the security content information at the below links:<\/p>\n

About the security content of tvOS 12.1.2<\/a>
\nAbout the security content of watchOS 5.1.3<\/a><\/p>\n

The tvOS update can be downloaded directly from the Apple TV by going to Settings<\/strong> > System<\/strong> > Update Software<\/strong>.<\/p>\n

The watchOS update can be installed by connecting the Apple Watch to its charger, then on the iPhone open the Apple Watch app<\/strong> > My Watch tab<\/strong> > General<\/strong> > Software Update<\/strong>.<\/p>\n

Safari 12.0.3 for macOS<\/h3>\n

Safari 12.0.3 (available for macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.3) brings no new features but addresses ten security issues, mostly focused on WebKit.<\/p>\n

The list of security fixes that were addressed can be found here<\/a>. To install this update, visit the Updates tab<\/strong> of the App Store app<\/strong> on macOS High Sierra or Sierra, or on Mojave go to Apple menu<\/strong> > System Preferences…<\/strong> > Software Update<\/strong>.<\/p>\n

macOS Mojave 10.14.3, Security Update 2019-001 High Sierra and Security Update 2019-001 Sierra<\/h3>\n

Listed simply as updates that “improve the security, stability and compatibility of your Mac,” no new features were announced for Mojave users, but between the three macOS versions, at least 23 security issues were addressed in total\u2014of which 18 are for Mojave, 16 are for High Sierra, and 12 are for Sierra. Some of these fixes include:<\/p>\n

FaceTime
\n<\/strong>Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.2
\nImpact: A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution
\nDescription: A buffer overflow issue was addressed with improved memory handling.<\/p><\/blockquote>\n

Bluetooth
\n<\/strong>Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.2
\nImpact: An attacker in a privileged network position may be able to execute arbitrary code
\nDescription: An out-of-bounds read was addressed with improved input validation.<\/p><\/blockquote>\n

Hypervisor
\n<\/strong>Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
\nImpact: A malicious application may be able to elevate privileges
\nDescription: A memory corruption issue was addressed with improved state management.<\/p><\/blockquote>\n

Intel Graphics Driver
\n<\/strong>Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
\nImpact: A malicious application may be able to execute arbitrary code with system privileges
\nDescription: A memory consumption issue was addressed with improved memory handling.<\/p><\/blockquote>\n

Some Macs with a T2<\/a> chip reportedly<\/a> also received an EFI firmware update.<\/p>\n

Apple’s full list of security related fixes for the update can be found here<\/a>.<\/p>\n

macOS Sierra and High Sierra users can find the security update in the App Store app under the Updates tab. Mojave users should visit the Software Update pane in System Preferences (Apple menu<\/strong> >\u00a0System Preferences…<\/strong> > Software Update<\/strong>) instead; on Mojave the App Store app will no longer list operating system updates.<\/p>\n

Whether you’re using iOS or macOS, always back up your data prior to installing any updates. This gives you a restore point in case something does not go as planned.<\/p>\n

See also our related article on checking your macOS backups:<\/p>\n

How to Verify Your Backups are Working Properly<\/a><\/p><\/blockquote>\n