Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Patch/Configuration Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Apple releases more than 30 security patches

Apple released updates across eight product lines with several having more than a dozen issues addressed.

Apple does not rate the severity of each vulnerability, but does break them all down for its users.

One batch of 13 vulnerabilities was shared across three products, iCloud for Windows versions 10.9.3, 7.18 and iTunes 12.10.5 . Five of these enabling an attacker to execute code if exploited.

iOS 13.4 and iPadOS 13.4 with 30 CVEs had the most vulnerabilities patched with Sophos noting Kernel bugs CVE-2020-9785 and CVE-2020-3919 and CVE-2020-3914 are particularly dangerous and require immediate patching. It also included in this category Webkit vulnerability CVE-2020-3899, that can allow arbitrary code execution.

The remaining updates included:

  • Safari 13 had 11 vulnerabilities patched five that could result in code execution.
  • watchOS 6.2 covered 17 CVEs four or which could allow an attacker to execute arbitrary code with kernel privileges.
  • tvOS 13.4 had 20 issues covered, two of which could allow someone to read restricted memory.
  • macOS Catalina 10.15.4 had 27 patches rolled out six that could result in arbitrary code execution.
  • Xcode 11.4 also had an update but as per Apple policy it will not disclose the details or confirm security issues until an investigation has occurred and patches or releases are available. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.