Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


Apple Updates Numerous Operating Systems for Exploited Security Vulnerabilities

   Adam Engst

   Alongside the features and bug fixes in its non-Mac operating systems
   (see '[1]Apple Releases iOS 14.2, iPadOS 14.2, watchOS 7.1, HomePod
   Software 14.2, and tvOS 14.2,' 5 November 2020), Apple has released
   [2]macOS Catalina 10.15.7 Supplemental Update (with a re-release of
   macOS Catalina 10.15.7 Update for those who haven't yet installed it),
   [3]iOS 12.4.9 (for the iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad
   mini 2 and 3, and the sixth-generation iPod touch), [4]watchOS 5.3.9
   (for the Apple Watch Series 1 and later), and [5]watchOS 6.2.9 (for the
   Apple Watch Series 1 and Series 2).

   These updates all address the same three serious security
   vulnerabilities, which could lead to arbitrary code execution or kernel
   memory being disclosed. That's bad, but the real problem is that Apple
   says it is aware of reports that exploits for these vulnerabilities
   exist in the wild. In other words, the bad guys are already using these
   bugs to attack Apple devices.

   The updates for iOS 14.2, iPadOS 14.2, and watchOS 7.1 also close these
   vulnerabilities; tvOS 14.2 has security fixes but apparently isn't
   vulnerable to these particular bugs. Needless to say, we recommend that
   whatever operating system version you're using, if there's an update to
   address these vulnerabilities, we encourage you to install it sooner
   rather than later.

   Once you install macOS Catalina 10.15.7 Supplemental Update, macOS will
   have the build number 19H15, which you can verify by choosing About
   This Mac from the Apple menu and clicking the version number.

   Note that iOS 13 and iPadOS 13 did not receive any updates for these
   vulnerabilities, presumably because Apple expects those users to
   upgrade to iOS 14.2 and iPadOS 14.2.

References

   Visible links
   1. https://tidbits.com/2020/11/05/apple-releases-ios-14-2-ipados-14-2-watchos-7-1-homepod-software-14-2-and-tvos-14-2/
   2. https://support.apple.com/kb/HT211947
   3. https://support.apple.com/kb/HT211940
   4. https://support.apple.com/kb/HT211945
   5. https://support.apple.com/kb/HT211944

   Hidden links:
   6. https://tidbits.com/wp/../uploads/2020/11/Catalina-10.15.7-Supplemental-security-fixes.jpg
   7. https://tidbits.com/wp/../uploads/2020/11/macOS-build-number.jpg

.