Security News > 2020 > January > Apple Patches Tens of Vulnerabilities in iOS, macOS Catalina
Apple this week released software updates to address tens of security flaws in iOS, iPadOS, macOS Catalina, and other products.
A total of 23 vulnerabilities were addressed in iOS 13.3.1 and iPadOS 13.3.1, now rolling out for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation.
There were 32 vulnerabilities addressed with the release of macOS Catalina 10.15.3 and security updates for macOS Mojave and High Sierra - the patches apply to macOS High Sierra 10.13.6, macOS Mojave 10.14.6, and macOS Catalina 10.15.2.
Apple says the bugs could be exploited to execute arbitrary code on an affected system, determine kernel memory layout, read restricted memory, trigger a heap corruption, overwrite files, or bypass Gatekeeper, among others.
The newly released tvOS 13.3.1 includes patches for 14 vulnerabilities in Audio, ImageIO, IOAcceleratorFamily, IPSec, Kernel, libxpc, WebKit, and wifivelocityd, which could lead to arbitrary code execution, privilege escalation, or heap corruption, or could allow applications to read restricted memory or determine kernel memory layout.
- Apple will disable insecure TLS in future iOS, macOS releases (source)
- Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days (source)
- Apple fixes iOS zero-day used to deploy NSO iPhone spyware (source)
- Unpatched High-Severity Vulnerability Affects Apple macOS Computers (source)
- Unpatched Apple Zero-Day in macOS Finder Allows Code Execution (source)
- Apple tried to patch this security hole in macOS Finder but didn't consider upper and lowercase characters (source)
- Cisco fixes highly critical vulnerabilities in IOS XE Software (source)
- Exploit code released for three iOS 0-days that Apple failed to patch (source)
- Researcher drops three iOS zero-days that Apple refused to fix (source)
- Frustrated dev drops three zero-day vulns affecting Apple iOS 15 after six-month wait (source)