![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/03\/ios-software-update-available-icon-600x300-e1558142227486.png\"){kind=icon}
This week, Apple released updates to all of its operating systems, Safari for Mac, and other software. Here’s a brief rundown of new features and security related fixes included with each update.<\/p>\nThis week, Apple released updates to all of its operating systems, Safari for Mac, and other software. Here’s a brief rundown of new features and security related fixes included with each update.<\/p>\n
Listed as an update that provides support for Apple News+<\/a>, adds the ability for Siri to play videos from your iOS device to Apple TV, and includes four new Animoji. The update also includes bug fixes and improvements.<\/p>\n But this update does not just contain new features and enhancements; it also contains a whopping 51 security fixes<\/strong>. A few of the highlights:<\/p>\n FaceTime file GeoServices Mail Privacy Several serious kernel, WebKit, and other vulnerabilities were fixed. All in all, a huge number of security bugs were addressed in this update, so it is strongly recommended to install it sooner rather than later.<\/p>\n The full list of security issues addressed can be found here<\/a>. iOS 12.2 can be downloaded over the air by going to Settings<\/strong> > General<\/strong> > Software Update<\/strong>. You can also connect your iOS device to your Mac (or Windows PC) and install the update via the iTunes app.<\/p>\n Notably, Apple still has not addressed the iOS Safari issue that allows anyone to send fake news headlines<\/a><\/strong> to other iMessage users.<\/p>\n Available for the Apple TV HD\u2014formerly known as the Apple TV (4th generation)\u2014and Apple TV 4K, 36 security issues were addressed. Most of them the same as those addressed in iOS 12.2; the kernel, WebKit, and Siri all had some work done to make them more secure. Feature wise, the Apple TV only gains the ability to play videos that you ask Siri to play on your iOS device.<\/p>\n The full list of security issues addressed can be found here<\/a>. The tvOS update can be downloaded directly from the Apple TV by going to Settings<\/strong> > System<\/strong> > Update Software<\/strong>.<\/p>\n The latest version of Safari for Mac\u2014available for macOS Mojave, High Sierra, and Sierra users\u2014brings a few enhancements that improve overall security.<\/p>\n Safari will now let you know when a website is loaded without encryption, this warning is displayed in the address bar. Support for the Do Not Track standard (which had good intentions, but never gained widespread advertisers)\u00a0has been removed<\/a> as well. Adoption of this standard was low and having it enabled actually made the browser more identifiable online as the setting becomes part of your browser fingerprint. 20 security related issues were addressed of which 18 are for WebKit and 2 are for Safari Reader.<\/p>\n The full list of security issues addressed can be found here<\/a>. The new Safari 12.1 can be downloaded through the Updates<\/strong> tab of the App Store<\/strong>. For macOS Mojave users it is included in macOS 10.14.4<\/p>\n Last but not least, macOS got some update love. Security Updates for Sierra and High Sierra users and a security + feature update for Mojave users. Mojave now supports Apple News+, Safari adds Dark Mode support for websites with custom color schemes and iTunes enhanced the editorial highlights in the Browse tab. Also added was support for the 2nd generation AirPods. Further enhancements and fixes to the OS include:<\/p>\n Of course there are more security related fixes included as well, 38 to be exact. These include:<\/p>\n Bom DiskArbitration Graphics Drivers Security Time Machine There is some overlap with the security fixes in iOS and tvOS due to shared code among OS versions. The earlier mentioned FaceTime pause bug is one of them.<\/p>\n The full list of security issues addressed can be found here<\/a>. macOS Sierra and High Sierra users can find the security update in the App Store app under the Updates tab. Mojave users should visit the Software Update pane in System Preferences (Apple menu<\/strong> > System Preferences…<\/strong> > Software Update<\/strong>) instead; on Mojave the App Store app will no longer list operating system updates. At the time of writing a Combo Update was not yet available for download.<\/p>\n Although the other updates listed above were released on Monday, Apple waited until Wednesday to release the watchOS update; it’s unclear why there was a delay.<\/p>\n Since watchOS shares much of its code with iOS and tvOS, many the same vulnerabilities were fixed (29 in all; see the full list here<\/a>).<\/p>\n Aside from security updates, watchOS 5.2 expands support for the ECG app and irregular heart rhythm notifications to Hong Kong and some regions of Europe (listed here<\/a>), and supports AirPods (2nd generation).<\/p>\n To update to watchOS 5.2, you must first update your iPhone to iOS 12.2, then connect the watch to its charger, then on the iPhone open the Apple Watch app<\/strong> > My Watch tab<\/strong> > General<\/strong> > Software Update<\/strong>\u00a0and tap\u00a0Download and Install<\/strong>.<\/p>\n Apple’s software development app, Xcode, also received an update that fixed one security vulnerability (listed here<\/a>). Oddly, the security bug addressed by this update seems to have been patched in all of Apple’s operating systems in early December 2018.<\/p>\n Apple also released updates for the Windows versions of its software, namely\u00a0iTunes 12.9.4 for Windows (19 vulnerabilities, detailed\u00a0here<\/a>) and\u00a0iCloud for Windows 7.11 (20 vulnerabilities, detailed\u00a0here<\/a>).<\/p>\n Most of the security issues fixed were the same WebKit vulnerabilities addressed in the software listed above.<\/p>\n Whether you’re using iOS or macOS, always back up your data prior to installing any updates. This gives you a restore point in case something does not go as planned.<\/p>\n See also our related article on checking your macOS backups:<\/p>\n How to Verify Your Backups are Working Properly<\/a><\/p><\/blockquote>\n
\n<\/strong>Impact: A user\u2019s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing
\nDescription: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.<\/p><\/blockquote>\n
\n<\/strong>Impact: Processing a maliciously crafted file might disclose user information
\nDescription: An out-of-bounds read was addressed with improved bounds checking.<\/p><\/blockquote>\n
\n<\/strong>Impact: Clicking a malicious SMS link may lead to arbitrary code execution
\nDescription: A memory corruption issue was addressed with improved validation.<\/p><\/blockquote>\n
\n<\/strong>Impact: Processing a maliciously crafted mail message may lead to S\/MIME signature spoofing
\nDescription: This issue was addressed with improved checks.<\/p><\/blockquote>\n
\n<\/strong>Impact: A malicious app may be able to track users between installs
\nDescription: A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing.<\/p><\/blockquote>\ntvOS 12.2<\/h3>\n
Safari 12.1<\/h3>\n
macOS 10.14.4, Security Update 2019-002 High Sierra, and Security Update 2019-002 Sierra<\/h3>\n
\n
\n<\/strong>Available for: macOS Mojave 10.14.3
\nImpact: A malicious application may bypass Gatekeeper checks
\nDescription: This issue was addressed with improved handling of file metadata.<\/p>\n
\n<\/strong>Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
\nImpact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
\nDescription: A logic issue was addressed with improved state management.<\/p>\n
\n<\/strong>Available for: macOS Mojave 10.14.3
\nImpact: An application may be able to read restricted memory
\nDescription: An out-of-bounds read was addressed with improved bounds checking.<\/p>\n
\n<\/strong>Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
\nImpact: A malicious application may be able to read restricted memory
\nDescription: An out-of-bounds read was addressed with improved bounds checking.<\/p>\n
\n<\/strong>Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
\nImpact: A local user may be able to execute arbitrary shell commands
\nDescription: This issue was addressed with improved checks.<\/p><\/blockquote>\nwatchOS 5.2<\/h3>\n
Xcode 10.2<\/h3>\n
Apple software updates for Windows<\/h3>\n
Back up your Macs and iOS devices before updating<\/h3>\n