With the release of iOS 14 and iPadOS 14 this week, technology giant Apple has fixed almost a dozen flaws and has come up with new privacy features.
Each of the addressed security faults affects a different section of the operating system, viz. AppleAVD, Assets, Icons, IDE Device Support, IOSurfaceAccelerator, Keyboard, Model I/O, Phone, Sandbox, Siri, and WebKit.
The issues could lead to applications triggering a system crash or writing kernel memory, recognizing other fixed applications, leaking user information, or retrieving limited files; may let hackers download malicious content, perform arbitrary code, or view notification contents from the lockscreen. Also, it is likely to result in random code execution or a cross-site scripting attack, while allowing a user to read kernel memory.
As well as security fixes, the updates bring various other enhancements also, including new security and privacy features, such as announcements when the camera or microphone are recording, or when data is copied and pasted.
Beginning with the new platform repetition, users can refute applications’ access to exact location, and are also well-versed on applications requesting local network access. Also, they can leverage a new feature that delivers a random “private” MAC address when trying to link to a Wi-Fi network.
This week, Apple also declared the accessibility of security covers in watchOS 7.0. Safari 14.0 was issued this week with fixes for four WebKit bugs that could result in arbitrary code execution or cross-site scripting attacks.
Moreover, Apple announced the issue of Xcode 12.0, which covers a bug in IDE Device Support that could let “an attacker in a privileged network position […] to execute arbitrary code on a paired device during a debug session over the network.”