Apple released a security update for its products including iOS 12.0.1 & iCloud for windows along with fixes for 21 critical vulnerabilities.
In this Apple security updates covered mainly iCloud for Windows 7.7 where there are 19 vulnerabilities are reported and 2 vulnerabilities are reported under iOS 12.0.1 by various companies and individuals that affect WebKit.
Ivan Fratric of Google Project Zero alone reported 9 critical vulnerabilities and his findings are playing a major role in this Apple security updates.
Apple Releases Security Updates for iCloud, iOS https://t.co/Sq6OGne376 #NCCIC #cyber #cybersecurity #infosec
— US-CERT (@USCERT_gov) October 8, 2018
iCloud for Windows 7.7 0 – WebKit
- CVE-2018-4191 – A memory corruption issue was addressed with improved validation
- Impact – Unexpected interaction causes an ASSERT failure in Windows 7 and later version
- CVE-2018-4311 -The issue was addressed by removing origin information.
- Impact – Cross-origin Security Errors includes the accessed frame’s origin in Windows 7 and later version
- CVE-2018-4316 – A memory corruption issue was addressed with improved state management.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution in Windows 7 and later version.
- CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359 – Multiple memory corruption issues were addressed with improved memory handling.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2018-4319 -A cross-origin issue existed with “iframe” elements. This was addressed with improved tracking of security origins.
- Impact: A malicious website may cause unexpected cross-origin behavior
- CVE-2018-4309 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
- Impact – A malicious website may be able to execute scripts in the context of another website
- CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318 – A use after free issue was addressed with improved memory management.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2018-4345 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
- Impact: A malicious website may exfiltrate image data cross-origin
iOS 12.0.1 – VoiceOver & Quick Look
- CVE-2018-4380 –A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device
- Impact: A local attacker may be able to view photos and contacts from the lock screen
- CVE-2018-4379 – A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.
- Impact: A local attacker may be able to share items from the lock screen
Learn how to update the iOS software on your iPhone, iPad, or iPod touch.
Also Read:
Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products
Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products
Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities