Apple Update Fixes WebKit Flaws in iOS, Safari
2020-03-25 21:07

Apple has released a slew of patches across its iOS and macOS operating systems, Safari browser, watchOS, tvOS and iTunes.

Of the CVEs disclosed, 30 affected Apple's iOS, 11 impacted Safari and 27 affected macOS. Users for their part are urged to update to iOS 13.4, Safari 13.1 and macOS Catalina 10.15.3.

While Apple is typically tight-lipped at first about vulnerability details in security updates, it did outline eight flaws that were fixed in Apple's WebKit browser engine, which could enable anything from cross-site scripting attacks to remote code execution in iOS and Safari.

Other iOS vulnerabilities of note include a Bluetooth flaw, stemming from a logic issue, that could enable an attacker "in a privileged network position" to intercept Bluetooth traffic; a use-after-free issue in the iOS image processing tool that could allow an application to execute arbitrary code with system privileges; and a logic issue in the Messages app that could allow a person with physical access to a locked iOS device to respond to messages, even when replies are disabled.

On a related note, Apple also said this week that its Safari browser now blocks third-party cookies, alongside some changes to Apple's Intelligent Tracking Prevention in iOS and iPadOS 13.4.


News URL

https://threatpost.com/apple-update-fixes-webkit-flaws-in-ios-safari/154155/

Related vendor

VENDOR   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Apple    72           238   1567     2279   265        4349
Webkit   2            0     1        6      0          7