Security News > 2020 > March > Apple iOS 13.4 offers fixes for 30 vulnerabilities

Apple iOS 13.4 offers fixes for 30 vulnerabilities
2020-03-26 09:20

Apple has just announced its latest something for everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS. In terms of security, the attention grabber is iOS/iPad 13.4, which fixes 30 CVEs.

As usual, WebKit browser engine and Safari gave Apple plenty to fix, all but one of which were found by sources outside the company, including an arbitrary code execution flaw, CVE-2020-3899, credited to Google's open source fuzzing tool, OSS-Fuzz.

It wouldn't be an Apple update without at least one fix for FaceTime, CVE-2020-3881.

Safari reaches 13.1 with fixes for 11 CVE bugs, all but one of which are, predictably, the same WebKit flaws fixed separately in iOS 13.4.

On a Mac, go to the Apple menu, choose About This Mac and click Software Update.


News URL

https://nakedsecurity.sophos.com/2020/03/26/apple-ios-13-4-offers-fixes-for-30-vulnerabilities/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-04-01 CVE-2020-3881 Information Exposure vulnerability in Apple mac OS X
A logic issue was addressed with improved state management.
local
low complexity
apple CWE-200
2.1
2.1
2020-04-01 CVE-2020-3899 Unspecified vulnerability in Apple products
A memory consumption issue was addressed with improved memory handling.
network
apple
critical
 9.3
9.3

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 135 582 4214 1624 2414 8834