Apple delivers desktop, mobile OS updates, patches dozens of security holes
Plus: Face ID can recognize you with a mask on, kinda
This week Apple released software revisions for its desktop, mobile, watch, and TV operating systems, along with application updates and security patches.
MacOS Monterey got bumped to version 12.3, bringing with it 60 security fixes, eight of which involved potential arbitrary code execution.
The desktop OS update also includes some useful features like Universal Control, a way to use a single mouse and keyboard across multiple Apple devices such as a macOS computer and an iPad. If you've ever wanted to copy data from one bit of kit in order to paste it to another with a mere mouse movement, your ship has come in.
Universal Control is not to be confused with Sidecar, which dates back to macOS Catalina and provides a way to extend a Mac's display space with the extra screen area of an iPad.
The desktop update incorporates Spatial Audio support for M1-based Macs, given the right model AirPods. So with the proper gear, you can experience dynamic head tracking in Apple's Music app.
Finally, macOS 12.3 adds 37 new Emoji, a gender-neutral Siri voice, an episode filter for the Podcasts app, Italian and Chinese (traditional) translation support in Safari, more accurate battery capacity readings, and a few other things.
Apple's iOS 15.4 (and iPadOS 15.4) addresses 39 CVEs and implements support for Face ID authentication when wearing a health-oriented face mask, though only for iPhone 12 and 13. Designated iDevices can manage facial recognition of masked folk even with reading glasses – more so if you bother to set the system up to expect glasses – but not with sunglasses.
Apple acknowledges that face recognition with a mask doesn't work all that well. "Face ID is most accurate when it's set up for full-face recognition only," warns the Face ID setup pane. It will be interesting to see whether devices configured for masked recognition end up authenticating people other than their owners.
The iOS update also includes support for 37 new Emoji, a notification toggle option for Personal Automations in the Shortcuts app, an Apple Card widget in Today view (for seeing one's Apple Card activity), and the ability to add notes to iCloud Keychain password entries. What's more, there's now an option to hide security recommendations about compromised passwords, based on the notion there might be times it would be inconvenient to hector users about weak security.
- Apple, Google urge monopoly watchdog to leave them alone
- 114 billion transistors, one big meh. Apple's M1 Ultra wake-up call
- Just two die for: Apple reveals M1 Ultra chip in Mac Studio
- Apple, Google, Microsoft, Mozilla agree on something: Make web dev lives easier
Those with iCloud+ subscriptions can now set up a custom email domain with iCloud Mail via an iDevice in iOS 15.4. And there's now support for WebAuthn passkeys, which means websites and apps that implement passkey login can allow users to authenticate via Face ID or Touch ID instead of a password.
The iOS update enables Tap to Pay on iPhones, so payments can be made through third-party payment systems that have been taught to handle this particular transaction mode. It also incorporates the same Safari translation additions, Podcast episode filter, and Siri voice addition as the macOS revision.
As Apple mentioned last month, iOS 15.4 includes an anti-stalking popup to discourage the misuse of its AirTag tracking devices. It's unclear how effective Apple's efforts to discourage AirTags abuse will be given that a Berlin-based infosec firm has developed a way to clone AirTag hardware so that it bypasses Apple's anti-stalking protections.
The iOS update includes a few other minor features like support for the EU Digital COVID Certificate format in Apple's Health and Wallet apps. One feature that's missing in iOS but present in iPadOS 15.4 is the above mentioned Universal Control (because it works on iPads and not iPhones).
Among 25 CVEs addressed in the iBiz's watchOS 8.5, there's said to be a security fix that addresses a vulnerability in Apple's Mail app that could leak the user's IP address when accessing remote content. It's claimed, however, that Apple's Privacy Relay system still leaks the user's IP address when opening links sent via iMessage on an Apple Watch. ®
- Advanced persistent threat
- Apple M1
- App stores
- Black Hat
- Bug Bounty
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Quantum key distribution
- Remote Access Trojan
- RSA Conference
- Tim Cook
- Trusted Platform Module
- Zero trust