Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/ watchOS 7.3, iOS 14.4, iPadOS 14.4, and tvOS 14.4 Address Serious Security Exploit Josh Centers It's release week again. In its first updates of 2021, Apple has pushed out updates to all platforms other than macOS, and we expect macOS 11.2 Big Sur will appear shortly. Unusually, the most significant update this time around is for watchOS 7.3, which adds a fun new African-themed watch face for Black History Month. iOS 14.4 and iPadOS 14.4 receive a few welcome tweaks, as does HomePod Software Version 14.4, but Apple doesn't list any changes to tvOS 14.4. All the updates also address a serious security vulnerability that Apple says may have been actively exploited in the wild. From a feature standpoint, there's no need to install these updates quickly. However, given the serious nature of the security vulnerabilities, we recommend updating sooner rather than later. Give things a day or two, but if no problems crop up right away, push the button and get these updates. watchOS 7.3 The most notable feature in [1]watchOS 7.3 is a new Unity watch face to [2]celebrate Black History Month. It features the three colors of the Pan-African flag'black, green, and red'in a pattern that shifts as the watch moves. You can add the face to your Apple Watch in the Watch app on your iPhone by tapping the Face Gallery tab, tapping the Unity face, and tapping Add. The release notes for watchOS 7.3 also advertise the new Time to Walk feature of Apple Fitness+, but it was already available in watchOS 7.2 (see '[3]New Apple Fitness+ Perk Encourages Users to Take a Hike,' 25 January 2021). Good news for international Apple Watch users! Irregular heart rhythm notifications are now available in Japan, Mayotte, Philippines, Taiwan, and Thailand, and users in Japan, Mayotte, Philippines, and Thailand can now access the ECG app. Finally, the release notes detail a bug fix for the Zoom feature that could render Control Center and Notification Center unresponsive. The security notes for watchOS 7.3 include just [4]one CVE security entry, but it's a kernel vulnerability that could allow a malicious app to elevate privileges, and Apple says it may have already been exploited in the wild. watchOS 7.3 is a 165 MB download for an Apple Watch Series 4. To install the update, open the Watch app on your iPhone and go to My Watch > General > Software Update. Remember that the watch must be on its charger and charged to at least 50%. iOS 14.4 and iPadOS 14.4 The [5]iOS 14.4 update offers three tweaks: the capability to recognize smaller QR codes, an option to classify Bluetooth device types in Settings > Bluetooth so you get audio notifications on the right device, and notifications if the camera in an iPhone 12 model can't be verified as an authentic Apple camera. That last note is interesting. Independent repairman Hugh Jeffreys tried [6]swapping the rear cameras in two identical iPhone 12 models, only to find that they did not work properly and often froze the Camera app. Swapping the cameras back fixed the problem. The implication is that the cameras in the iPhone 12 are coded to the phone and would have to be reprogrammed by Apple, thus preventing third-party repair, even when using genuine Apple parts. We're curious to see if iOS 14.4 changes this behavior in some way. iOS 14.4 also fixes bugs that: * Caused image artifacts in HDR photos taken with an iPhone 12 Pro * Prevented the Fitness widget from displaying up-to-date Activity data * Delayed typing and prevented word suggestions from appearing * Brought the keyboard up in Messages in the wrong language * Prevented audio stories from the News app in CarPlay from resuming properly after being paused for spoken directions or Siri * Caused Switch Control to block answering phone calls from the Lock Screen. On the iPad side of the fence, [7]iPadOS 14.4 is also out, with a subset of those changes. iOS 14.4 and iPadOS 14.4 share the same [8]two CVE security entries, one for the aforementioned kernel exploit and another for a WebKit vulnerability that could allow a remote attacker to cause arbitrary code execution. This second vulnerability has also been reported in the wild. You can install the 344.6 MB iOS 14.4 update (on an iPhone 11 Pro) from Settings > General > Software Update. The iPadOS 14.4 update weighs in at 310 MB on a 10.5-inch iPad Pro. HomePod Software Version 14.4 Apple also rolled out [9]HomePod Software Version 14.4, which takes advantage of the U1 chip in newer iPhones to hand off music from a nearby iPhone to a HomePod mini, get personalized listening suggestions on an iPhone when it's next to a HomePod mini, and automatically display media controls on an iPhone when it's next to a HomePod mini. Left to its own devices (an amusing phrase in this context), your HomePod mini should update itself. If you don't want to wait for that to happen, open the Home app, and if an Update Available button appears, tap it. Otherwise, touch and hold the HomePod tile, tap the gear icon to enter settings, and then tap Install near the top of the screen. tvOS 14.4 Last, and definitely least, Apple has released [10]tvOS 14.4. It suffers from a complete dearth of release notes, but its [11]security notes include mention of the kernel exploit. To install tvOS 14.4 update, go to Settings > System > Software Update, or just let it install on its own. References Visible links 1. https://support.apple.com/en-us/HT211815#73 2. https://www.apple.com/newsroom/2021/01/apple-celebrates-black-history-month/ 3. https://tidbits.com/2021/01/25/new-apple-fitness-perk-encourages-users-to-take-a-hike/ 4. https://support.apple.com/en-us/HT212148 5. https://support.apple.com/en-us/HT211808#144 6. https://youtu.be/FY7DtKMBxBw?t=553 7. https://support.apple.com/en-us/HT211807#144 8. https://support.apple.com/en-us/HT212146 9. https://support.apple.com/en-us/HT208714#144 10. https://support.apple.com/en-us/HT207936 11. https://support.apple.com/en-us/HT212149 Hidden links: 12. https://tidbits.com/wp/../uploads/2021/01/Black-History-Month-Apple-Watch-front.jpg 13. https://tidbits.com/wp/../uploads/2021/01/iOS-14.4-vulnerabilities.png .