Security News > 2020 > March > Apple Update Fixes WebKit Flaws in iOS, Safari

Apple has released a slew of patches across its iOS and macOS operating systems, Safari browser, watchOS, tvOS and iTunes.

Of the CVEs disclosed, 30 affected Apple's iOS, 11 impacted Safari and 27 affected macOS. Users for their part are urged to update to iOS 13.4, Safari 13.1 and macOS Catalina 10.15.3.

While Apple typically is initially tight lipped when it comes to vulnerability details in security updates, it did outline eight flaws that were fixed in Apple's WebKit browser engine, which could enable anything from cross-site scripting attacks to remote code execution in iOS and Safari.

Other iOS vulnerabilities of note include a Bluetooth flaw, stemming from a logic issue, that could enable an attacker "In a privileged network position" intercept Bluetooth traffic; a use after free issue in the iOS image processing tool that could allow an application to execute arbitrary code with system privileges; and, a logic issue in the Messages app that could allow a person with physical access to a locked iOS device to respond to messages - even when replies are disabled.

On a related note, Apple also this week said that it Safari browser now blocks third-party cookies, alongside some changes to Apple's Intelligent Tracking Prevention in iOS and iPadOS 13.4.Do you suffer from Password Fatigue? On Wednesday April 8 at 2 p.m. ET join Duo Security and Threatpost as we explore a passwordless future.

News URL

https://threatpost.com/apple-update-fixes-webkit-flaws-in-ios-safari/154155/