The latest updates for macOS and iOS not only brought new functions, but also closed numerous security gaps. Almost 60 vulnerabilities have been eliminated in macOS alone. In addition to macOS Big Sur, the previous versions have also recently received security updates.
With the most recently distributed updates for all users on iOS 14.3 / iPadOS 14.3 and macOS Big Sur, Apple not only brought some new features and fixed bugs, the updates also have one whole series of security holes stuffed. In macOS alone, a total of 59 vulnerabilities were eliminated.
These were found in the current macOS Big Sur, which was updated to version 11.1, as well as in its predecessor macOS Catalina and macOS Mojave.
Holes in numerous components
The components affected here are the App Store, Audio, Bluetooth, CoreAudio, CoreText, FontParser, Graphics Driver, HomeKit, ImageIO, Kernel, WebRTC and Wi-Fi. For example, attackers were able to smuggle in and execute code remotely. This was possible through manipulated fonts and audio files. It was also possible for an attacker to execute their own code with kernel rights using a vulnerability in the Intel graphics driver. Further loopholes allowed malware to expand its usage rights.
Some of these gaps were also found in iOS, where they could be used, for example, to smuggle code into the system with a manipulated image file. A particularly critical vulnerability was also eliminated in iOS 12.5, which transports the corona contact tracking interface as the main payload.
In addition to macOS Big Sur, macOS Catalina and macOS Mojave were also provided with corresponding security updates by Apple.