Apple Confirms 30 Compelling Security Reasons To Install iOS 13.4 Right Now

The release of iOS 13.4 by Apple earlier this week was met with the usual mixture of joy and concern. Joy regarding the introduction of new Memoji stickers and iCloud folder sharing, concern over some bugs that have already been reported.

However, there can be no denying that this is a considerable update to iOS, in physical and feature terms. It’s also huge by way of the number of security vulnerabilities that have been patched, a total of no less than 30 in fact. Thirty very compelling reasons why you shouldn’t delay updating to iOS 13.4 as soon as possible.

Operating system and software updates have been in the news rather a lot over the last week or two. Microsoft took the unprecedented decision to put the optional non-security updates for Windows 10 on hold while Google first paused updates to Chrome and then quickly resumed them. When it comes to Apple, however, there has been no talk of putting iOS updates on hold. Far from it. In fact, Apple has not only just released a massive update in the form of iOS 13.4 but has confirmed a whole bunch of security reasons as to why you should install it right now.

Somewhat ironically, things are never strictly black and white in the binary world of technology and updating to iOS 13.4 is no exception. As Zak Doffman reported on March 26, there’s a vulnerability in iOS 13.1 onwards that can leave VPN users potentially leaking data to the open internet. That vulnerability is not patched by Apple in iOS 13.4, but a total of 30 others have been. Those, dear readers, are the 30 compelling reasons to install iOS 13.4 that Apple has confirmed. Thirty reasons, I would argue, that leapfrog any other concerns you may be having when it comes to hitting the install update button. Although Apple doesn’t, somewhat annoyingly for a cybersecurity reporter, rate the severity of the vulnerabilities within its advisories, I can see that some of these would be high, if not critical, were it so to do. Vulnerabilities that could allow a malicious application to elevate privileges, execute arbitrary code with system privileges, kernel privileges or read restricted memory to name but four.

In my never humble opinion, running your Apple device, be that an iPhone or iPad, on any operating system with known security vulnerabilities that have been patched by an uninstalled update is never a good idea. Period.

Here are all 30 compelling reasons to update to iOS 13.4 now

Apple has confirmed all 30 security vulnerabilities in a security content document. Here is the full list of vulnerabilities that affect iPhone 6s onwards, iPad Air 2 onwards, iPad mini 4 onwards and iPod touch 7th generation.

CVE-2020-3917

ActionKit – “An application may be able to use an SSH client provided by private frameworks.”

CVE-2020-3883

AppleMobileFileIntegrity – “An application may be able to use arbitrary entitlements.”

CVE-2020-9770

Bluetooth – “An attacker in a privileged network position may be able to intercept Bluetooth traffic.”

CVE-2020-3913

CoreFoundation – “A malicious application may be able to elevate privileges.”

CVE-2020-3916

Icons – “Setting an alternate app icon may disclose a photo without needing permission to access photos.”

CVE-2020-9773

Icons – “A malicious application may be able to identify what other applications a user has installed”

CVE-2020-9768

Image Processing – “An application may be able to execute arbitrary code with system privileges.”

CVE-2020-3919

IOHIDFamily – “A malicious application may be able to execute arbitrary code with kernel privileges.”

CVE-2020-3914

Kernel – “An application may be able to read restricted memory.”

CVE-2020-9785

Kernel – “A malicious application may be able to execute arbitrary code with kernel privileges.”

CVE-2020-3910

libxml2 – “Multiple issues in libxml2”

CVE-2020-3909 and CVE-2020-3911

libxml2 – “Multiple issues in libxml2”

CVE-2020-9780

Mail – “A local user may be able to view deleted content in the app switcher.”

CVE-2020-9777

Mail Attachments – “Cropped videos may not be shared properly via Mail.”

CVE-2020-3891

Messages – “A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled.”

CVE-2020-3890

Messages Composition – “Deleted messages groups may still be suggested as an autocompletion.”

CVE-2020-9775

Safari – “A user’s private browsing activity may be unexpectedly saved in Screen Time.”

CVE-2020-9781

Safari – “A user may grant website permissions to a site they didn’t intend to.”

CVE-2020-3888

Web App – “A maliciously crafted page may interfere with other web contexts.”

CVE-2020-3894

WebKit – “An application may be able to read restricted memory.”

CVE-2020-3899

WebKit – “A remote attacker may be able to cause arbitrary code execution.”

CVE-2020-3902

WebKit – “Processing maliciously crafted web content may lead to a cross-site scripting attack.”

CVE-2020-3895 and CVE-2020-3900

WebKit – “Processing maliciously crafted web content may lead to arbitrary code execution.”

CVE-2020-3901

WebKit – “Processing maliciously crafted web content may lead to arbitrary code execution.”

CVE-2020-3887

WebKit – “A download’s origin may be incorrectly associated.”

CVE-2020-9783

WebKit – “Processing maliciously crafted web content may lead to code execution.”

CVE-2020-3897

WebKit – “A remote attacker may be able to cause arbitrary code execution.”

CVE-2020-3885

WebKit Page Loading – “A file URL may be incorrectly processed.”
