Apple Releases iOS 14.2, Patching Vulnerabilities Being Actively Exploited in ‘Targeted’ Circumstances arstechnica.com

Juli Clover, MacRumors:

Apple today released iOS 14.2 and iPadOS 14.2, the second major updates to the iOS and iPadOS 14 operating system updates that were released in September. iOS 14.2 and iPadOS 14.2 come two weeks after the launch of iOS 14.1.

[…]

Apple traditionally updates iOS with new emojis each fall, and iOS 14.2 is the emoji update. iOS and iPadOS 14.2 include new Emoji 13 characters with options that include smiling face with tear, ninja, pinched fingers, anatomical heart, black cat, mammoth, polar bear, dodo, fly, bell pepper, tamale, bubble tea, potted plant, piñata, plunger, wand, feather, hut, and more, with a full list available here.

[…]

There’s a redesigned Now Playing widget in the Control Center that lists recently played albums that you might want to listen to when no music is playing. There’s also a redesigned interface for AirPlay, which makes it easier to play music across multiple AirPlay 2-compatible devices at the same time.

This redesigned Now Playing widget is fantastic if you use the default Music app: you can just put your headphones in your ears and the lock screen widget will suggest a handful of recently-listened albums. I do not know if this works with Spotify — if you know, please get in touch — but, in my use, it has often meant that something I want to listen to is right there waiting for me when I need it.

iOS 14.2 also includes a bunch of new wallpapers that, sadly, push out the classic blue marble image and the selection of flowers with bright gradients. Speaking of wallpapers, I have a correction to make: when I noted the new wallpapers in this update a couple of weeks ago, I wrote that “Apple has not added new Live and Dynamic wallpapers in years”. That is not true. Every new iPhone model has a device-specific Live wallpaper, all of which you can find in a massive wallpaper archive. It is true that Apple has not added a new Dynamic wallpaper in years, but because the same Live wallpaper library is not available to all devices, I missed the device-specific ones.

Dan Goodin, Ars Technica:

Apple has patched iOS against three zero-day vulnerabilities that attackers were actively exploiting in the wild. The attacks were discovered by Google’s Project Zero vulnerability research group, which over the past few weeks has detected four other zero-day exploits—three against Chrome and a third against Windows.

The security flaws affect iPhone 6s and later, seventh-generation iPod touches, iPad Air 2s and later, and iPad mini 4s and later. […]

Shane Huntley of Google’s Project Zero team:

Targeted exploitation in the wild similar to the other recently reported 0days. Not related to any election targeting.

These vulnerabilities were patched in iOS 12.4.9, also released today for older devices, and in OS updates across Apple’s entire product line. If you were running the iOS 14.2 beta, you should know that today’s public version has a slightly newer build number than the release candidate version, so you should update.

No word yet on the specific target or suspected threat actor — in infosec parlance — but using fonts as a vector seems relatively uncommon, though it is not new. NIST’s search engine returns fewer than 700 CVE results for “font”, compared to around 3,000 each for “WordPress” and “JavaScript”, and nearly 5,000 for “PDF”.