Security News > 2020 > March > Apple iOS 13.4 offers fixes for 30 vulnerabilities
Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS. In terms of security, the attention grabber is iOS/iPad 13.4, which fixes 30 CVEs.
As usual, WebKit browser engine and Safari gave Apple plenty to fix, all but one of which were found by sources outside the company, including an arbitrary code execution flaw, CVE-2020-3899, credited to Google's open source fuzzing tool, OSS-Fuzz.
It wouldn't be an Apple update without at least one fix for FaceTime, CVE-2020-3881.
Safari reaches 13.1 with fixes for 11 CVE bugs, all but one of which are, predictably, the same WebKit flaws fixed separately in iOS 13.4.
On a Mac, go to the Apple menu, choose About This Mac and click Software Update.
News URL
https://nakedsecurity.sophos.com/2020/03/26/apple-ios-13-4-offers-fixes-for-30-vulnerabilities/
Related news
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-01 | CVE-2020-3881 | Unspecified vulnerability in Apple mac OS X A logic issue was addressed with improved state management. | 5.5 |
| 2020-04-01 | CVE-2020-3899 | Unspecified vulnerability in Apple products A memory consumption issue was addressed with improved memory handling. | 8.8 |