Apple has released the latest iOS update, which comes with a series of security patches and a technique on disabling the U1 Ultra Wideband tracking for iPhone 11. The release, iOS 13.3.1 update, implemented numerous security fixes that went live on Tuesday, address a large category of bugs, and includes a few patches for high-risk vulnerabilities that could enable the remote code execution (RCE).
Four Critical Flaws Were Fixed
The patch fixes weaknesses in Apple’s Xcode, watchOS, Safari, iTunes for Windows, iOS, iPadOS, macOS, and tvOS. The most critical of the bugs are four RCE vulnerabilities in Apple’s tvOS, each of them labeled as high-severity flaws.
One of the flaws was dubbed CVE-2020-3868, which had a CVSS severity score of 8.8 out of 10, the highest amount among those fixed in the last patch. The bug was associated with numerous memory corruption problems in Apple’s browser engine, WebKit.
“By persuading a victim to visit a specially crafted website, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service,” a description of the flaw states.
The other tvOS code execution vulnerabilities have a CVSS labeling of 7.8. Two of the RCE flaws are linked to Imageio Python libraries tvOS, and the other is associated with Apple’s use of the secure network protocol suite IPSec.
Possibility to Disable the Tracking via U1 Ultra-Wideband
Last year in December, KrebsOnSecurity first revealed a tracking system in the iPhone 11 series of devices. The tracking occurred irrelevant of the fact that the iPhone user has turned off the device’s location settings.
After researching the issue, the website author, Brian Krebs, decided that the tracking issue was linked to the use of Apple’s own U1 processor, which was implemented in 2019 and used for the first time in the iPhone 11S.
These U1 chips utilize Ultra-Wideband technology with the intention of enhancing the performance of Apple services like the AirDrop. The U1 is actually providing accurate location and spatial awareness of the device’s state in relativity to other Apple devices in a room. This system allows someone to put their iPhone 11 near another iPhone 11 and have that handset automatically pair for transferring files, with no manual searching required.
Users reported that the new chip is tracking their locations; to solve the issue, Apple has finally added a switch that allows iPhone 11 owners to disable location tracking for networking and wireless functions.
With the iOS 13.3.1 update, users can now disable the feature, either when turning off the location setting or selectively. To disable it, head over to ‘Settings,’ then to ‘Privacy’ and ‘Location Services,’ and open the ‘System Services’ option.
Tuesday security updates come after a few other staggering iOS 13 updates. As they were released, Apple has encountered disapproval for what people see as a gradual release of the operating system. Last month, the tech giant updated it to iOS 13.3, making it the third release to the iOS and iPadOS 13 since it launched on September 19th.s