About the security content of iOS 13.1 and iPadOS 13.1

This document describes the security content of iOS 13.1 and iPadOS 13.1.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

iOS 13.1 and iPadOS 13.1

Released September 24, 2019

iOS 13.1 and iPadOS 13.1 include the security content of iOS 13.

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A malicious application may be able to determine kernel memory layout

Description: The issue was addressed with improved permissions logic.

CVE-2019-8780: Siguza

Entry added October 8, 2019

VoiceOver

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen

Description: The issue was addressed by restricting options offered on a locked device.

CVE-2019-8775: videosdebarraquito

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Visiting a maliciously crafted website may reveal browsing history

Description: An issue existed in the drawing of web page elements. The issue was addressed with improved logic.

CVE-2019-8769: Piérre Reimertz (@reimertz)

Entry added October 8, 2019

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2019-8763: Sergei Glazunov of Google Project Zero

Entry added October 8, 2019

Additional recognition

Find My iPhone

We would like to acknowledge an anonymous researcher for their assistance.

Notes

We would like to acknowledge an anonymous researcher for their assistance.

Telephony

We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Published Date: