Apple Patches Lots of Vulnerabilities in iOS, macOS

Apple Patches Lots of Vulnerabilities in iOS, macOS

Apple this week released new updates for iOS and macOS users to address tens of security vulnerabilities and other bugs in the two platforms.

A total of 31 security flaws were patched with the release of iOS 12.1.3, impacting components such as AppleKeyStore, Bluetooth, Core Media, CoreAnimation, FaceTime, IOKit, Kernel, Keyboard, libxpc, Safari Reader, SQLite, WebKit, and WebRTC.

Many of the addressed issues could result in arbitrary code execution, Apple reveals in an advisory. These include bugs impacting Bluetooth, FaceTime, Kernel, libxpc, SQLite, WebKit, and WebRTC.

Other vulnerability types resolved in the new iOS release include sandbox restriction bypass, privilege escalation, sandbox escape, denial of service, and cross site scripting attack when processing maliciously crafted web content.

Apple also resolved an issue where password autofill would fill in passwords after they were manually cleared, as well as bugs that resulted in malicious applications causing unexpected changes in memory shared between processes. Other flaws could allow malicious applications determine kernel memory layout or read restricted memory.

macOS Mojave 10.14.3 addresses 23 vulnerabilities in AppleKeyStore, Bluetooth, Core Media, CoreAnimation, FaceTime, Hypervisor, Intel Graphics Driver, IOKit, Kernel, libxpc, Natural Language Processing, QuartzCore, SQLite, and WebRTC.

Advertisement 
10% Off at Maclocks.com CODE:LL10

The flaws could lead to arbitrary code execution, restricted memory leakage, denial of service, manipulation of memory shared between processes, privilege escalation, sandbox escape, and sandbox restriction bypass.

Patches for these are also available for macOS High Sierra 10.13.6 (Security Update 2019-001 High Sierra) and macOS Sierra 10.12.6 (Security Update 2019-001 Sierra).

This week, Apple also released tvOS 12.1.2, with patches for 24 vulnerabilities, most of which impact WebKit (9) and Kernel (6). watchOS 5.1.3 was pushed with patches for 17 flaws.

Apple addressed 10 vulnerabilities in Safari with the release of version 12.0.3 of the browser. These impact Safari Reader and WebKit and could lead to arbitrary code execution or cross site scripting attacks.

A total of 12 vulnerabilities were patched with the release of iCloud for Windows 7.10 this week, impacting SQLite and WebKit and leading to arbitrary code execution or universal cross site scripting.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

Popular Tech News

A quarter of UK adults feel uneasy about using online sharing services

A quarter of UK adults feel uneasy about using online sharing services

12 May, 2019

AI-powered trusted identity as a service provider Jumio has released new details from its Global Trust and Safety Survey...

UK broadband, TV and phone customers must be informed when contract is ending

UK broadband, TV and phone customers must be informed when contract is ending

15 May, 2019

A new Ofcom ruling will go into effect on 1st July, ensuring that phone, broadband and TV companies are more open abou...

UK is 'not a surveillance state' says minister defending police face recognition tech

UK is 'not a surveillance state' says minister defending police face recognition tech

06 May, 2019

Opposition MPs have debated whether automated facial recognition technology should be used at all in the UK, after a p...

Apple Gives Free MacBook Repairs For Keyboard Flaw

Apple Gives Free MacBook Repairs For Keyboard Flaw

23 May, 2019

Apple has redesigned its MacBook keyboards after the firm admitted that previous models contained a design flaw. ...

EE To Launch UK 5G Network Next Week

EE To Launch UK 5G Network Next Week

22 May, 2019

EE will become the first UK operator to launch a 5G network in the UK in six UK cities at the end of this month. ...

Apple plans to make online ads more private

Apple plans to make online ads more private

22 May, 2019

For years, the web has been largely free thanks to online ads. The problem is that nobody likes them. When they’re n...

ExpressVPN UK Review: The best VPN service around

ExpressVPN UK Review: The best VPN service around

11 May, 2019

What impressed us about ExpressVPN the most, is that it has gone the extra mile to provide a great user experience. ...

Nintendo Labo VR Kit UK Review: Virtual reality fun for your Switch

Nintendo Labo VR Kit UK Review: Virtual reality fun for your Switch

10 May, 2019

A year after the Nintendo’s buildable Labo kits was intorduced came a wide range of Labo experiences to pick and cho...

Windows 10 Fix can't be restored after you install an update

Windows 10 Fix can't be restored after you install an update

19 May, 2019

Windows 10 administrators who install Windows 10 on a computer may receive a stop error when they attempt to restore t...

Categories

Home Tech Reviews UK

Mobile Tech Reviews UK

×

Sign up to keep in touch!

Be the first to hear th latest Cyber and Tech News straight to your mailbox.

Check out our Privacy Policy & Terms of use
You can unsubscribe from email list at any time