Ios 13.5

We’ve all been feeling new emotions recently, and now at last there are new ways to express them via the international language of emoji.

May 20, 2020 Apple today released iOS and iPadOS 13.5, major updates that come more than a month after the launch of iOS and iPadOS 13.4.1. IOS 13.5 is a major health-related update that brings many features. Apple today released iOS and iPadOS 13.5, major updates that come more than a month after the launch of iOS and iPadOS 13.4.1. IOS 13.5 is a major health-related update that brings many features. IOS 13.5 Apple released the third iOS 14.5 beta to developers Tuesday afternoon, and although the release didn’t go as smoothly as normal, all ended up well. This latest beta sees the return of the. IOS 13.5 (17F75) 20th May 2020 5.26 GB: iPhone11,2,iPhone11,4,iPhone11,6,iPhone12,3,iPhone12,513.517F75Restore.ipsw: Follow @iOSReleases Telegram Bot r/jailbreak.

Unicode’s latest emojis are being rolled out to Apple devices on the iOS 14.5, released today, and we’ve got a sneak peek at the new emojis you’ll be able to use once you’ve updated.

A bandaged heart, a dizzy face with spiral eyes, a face exhaling with exhaustion and a ‘brain fog’ emoji are among the latest emojis coming to Apple devices as part of Emoji 13.1. Which, incidentally, is a handy summary of how we’ve been feeling lately.

There’s also a whole new range of emojis that increase the gender and racial diversity of the emoji alphabet, including more interracial couple options, as well as a ‘heart on fire’ emoji.

One other timely change: Apple has updated the design of the syringe emoji. Previously shown with the needle dripping blood, it’s now empty or clear – a nifty change as vaccination efforts step up worldwide.

The new emojis are available on iOS 14.5, which is available for Apple devices now. Go express yourself!

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

iOS 13.5 and iPadOS 13.5

Released May 20, 2020

Accounts

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt

AirDrop

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause a denial of service

Description: A denial of service issue was addressed with improved input validation.

CVE-2020-9826: Dor Hadad of Palo Alto Networks

AppleMobileFileIntegrity

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application could interact with system processes to access private information and perform privileged actions

Description: An entitlement parsing issue was addressed with improved parsing.

CVE-2020-9842: Linus Henze (pinauten.de)

Audio

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

Audio

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative

Bluetooth

Iphone 13.5 update

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An issue existed with the use of a PRNG with low entropy. This issue was addressed with improved state management.

CVE-2020-6616: Jörn Tillmanns (@matedealer) and Jiska Classen (@naehrdine) of Secure Mobile Networking Lab

Bluetooth

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9838: Dennis Heinze (@ttdennis) of TU Darmstadt, Secure Mobile Networking Lab

CoreText

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted text message may lead to application denial of service

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-9829: Aaron Perris (@aaronp613), an anonymous researcher, an anonymous researcher, Carlos S Tech, Sam Menzies of Sam’s Lounge, Sufiyan Gouri of Lovely Professional University, India, Suleman Hasan Rathor of Arabic-Classroom.com

FaceTime

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing

Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.

CVE-2020-9835: Olivier Levesque (@olilevesque)

File System

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to modify the file system

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9820: Thijs Alkemade of Computest

FontParser

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3878: Samuel Groß of Google Project Zero

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9789: Wenchao Li of [email protected]

CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab

IPSec

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9837: Thijs Alkemade of Computest

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to determine another application's memory layout

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2020-9797: an anonymous researcher

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to cause unexpected system termination or write kernel memory

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A local user may be able to read kernel memory

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-9811: Tielei Wang of Pangu Lab

CVE-2020-9812: derrek (@derrekr6)

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.

CVE-2020-9813: Xinru Chi of Pangu Lab

CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to determine kernel memory layout

13.5

Description: An information disclosure issue was addressed with improved state management.

CVE-2020-9809: Benjamin Randazzo (@____benjamin)

libxpc

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to overwrite arbitrary files

Description: A path handling issue was addressed with improved validation.

CVE-2020-9994: Apple

Entry added September 21, 2020

Mail

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted mail message may lead to heap corruption

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2020-9819: ZecOps.com

Mail

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9818: ZecOps.com

Messages

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Users removed from an iMessage conversation may still be able to alter state

Description: This issue was addressed with improved checks.

CVE-2020-9823: Suryansh Mansharamani, student of Community Middle School, Plainsboro, New Jersey

Notifications

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen

Description: An authorization issue was addressed with improved state management.

CVE-2020-9848: Nima

rsync

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to overwrite existing files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2014-9512: gaojianfeng

Ios

Entry added July 28, 2020

Sandbox

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to bypass Privacy preferences

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)

Security

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to gain elevated privileges

Description: A logic issue was addressed with improved validation.

CVE-2020-9854: Ilias Morad (A2nkF)

Entry added July 28, 2020

SQLite

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may cause a denial of service or potentially disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9794

System Preferences

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to gain elevated privileges

Description: A race condition was addressed with improved state handling.

CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

USB Audio

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A USB device may be able to cause a denial of service

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-9792: Andy Davis of NCC Group

Ios 13.5 Upgrade

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9805: an anonymous researcher

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9802: Samuel Groß of Google Project Zero

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause arbitrary code execution

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9850: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9843: Ryan Pickren (ryanpickren.com)

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2020-9803: Wen Xu of SSLab at Georgia Tech

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

Ios 13.5 Ipsw

CVE-2020-9806: Wen Xu of SSLab at Georgia Tech

CVE-2020-9807: Wen Xu of SSLab at Georgia Tech

13.5

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-9800: Brendan Draper (@6r3nd4n) working with Trend Micro Zero Day Initiative

WebRTC

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Ios 13.5.1 download

Impact: Processing maliciously crafted web content may result in the disclosure of process memory

Description: An access issue was addressed with improved memory management.

CVE-2019-20503: natashenka of Google Project Zero

Wi-Fi

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A double free issue was addressed with improved memory management.

CVE-2020-9844: Ian Beer of Google Project Zero

Wi-Fi

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2020-9830: Tielei Wang of Pangu Lab

Entry added August 10, 2020

Additional recognition

Bluetooth

We would like to acknowledge Maximilian von Tschirschnitz (@maxinfosec1) of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.

CoreText

We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.

Device Analytics

We would like to acknowledge Mohamed Ghannam (@_simo36) for their assistance.

ImageIO

We would like to acknowledge Lei Sun for their assistance.

IOHIDFamily

We would like to acknowledge Andy Davis of NCC Group for their assistance.

IPSec

We would like to acknowledge Thijs Alkemade of Computest for their assistance.

Entry added August 10, 2020

Kernel

We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.

Safari

We would like to acknowledge Jeffball of GRIMM and Luke Walker of Manchester Metropolitan University for their assistance.

WebKit

We would like to acknowledge Aidan Dunlap of UT Austin for their assistance.