Home>Blog>The Hacker News Headlines>Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities
The Hacker News Headlines

Latest iOS 12.2 Update Patches Some Serious Security Vulnerabilities

ios update download iphone security

Apple on Monday released iOS 12.2 to patch a total of 51
security vulnerabilities in its mobile operating system that
affects iPhone 5s and later, iPad Air and later, and iPod touch 6th
generation.

A majority of vulnerabilities Apple patched this month reside in
its web rendering engine WebKit, which is used by many apps and web
browsers running on the Apple’s operating system.

According to the advisory, just opening a maliciously
crafted web content using any vulnerable WebKit-based application
could allow remote attackers to execute arbitrary code, disclose
sensitive user information, bypass sandbox restrictions, or launch
universal cross-site scripting attacks on the device.
[1]

Among the WebKit vulnerabilities include a consistency issue
(CVE-2019-6222) that allows malicious websites to potentially
access an iOS device microphone without the “microphone-in-use”
indicator being shown.

A similar vulnerability (CVE-2019-8566) has been patched in
Apple’s ReplayKit API that could allow a malicious application to
access the iOS device’s microphone without alerting the user.

“An API issue existed in the handling of microphone data. This
issue was addressed with improved validation,” Apple says in its
advisory briefing the ReplayKit bug.

Apple has also patched a serious logical bug (CVE-2019-8503) in
WebKit that could have allowed malicious websites to execute
scripts in the context of another site, allowing them to steal your
information stored on other sites or launch a wide-range of online
attacks.

Besides WebKit issues, the advisory also revealed the existence
of a critical flaw in earlier iOS versions that could lead to
arbitrary code execution just by convincing victims into clicking a
malicious SMS link.

The SMS vulnerability, identified as CVE-2019-8553, appears to
affect iPhone 5s and later, iPad Air and later, and iPod touch 6th
generation devices.

Apple has also patched a total of six vulnerabilities in iOS
kernel, of which CVE-2019-8527 could allow a remote attacker to
crash the system or corrupt kernel memory, CVE-2019-8514 could be
used to elevate privileges, and rest allow malicious apps to read
memory layout.

The technical details and proof-of-concept code for the newly
patched flaws are yet unavailable.

To check for the update on your iPhone or iPad, go to Settings→
General → Software Update and click the ‘Download and Install’
button.

References

  1. ^
    advisory
    (support.apple.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.