Saturday, November 2, 2024
HomeAppleApple Released Security Updates for iOS 12.0.1 & iCloud with the...

Apple Released Security Updates for iOS 12.0.1 & iCloud with the Fixes for 21 Vulnerabilities

Published on

Malware protection

Apple released a security update for its products including iOS 12.0.1 & iCloud for windows along with fixes for 21 critical vulnerabilities.

In this Apple security updates covered mainly iCloud for Windows 7.7 where there are 19 vulnerabilities are reported and 2 vulnerabilities are reported under iOS 12.0.1 by various companies and individuals that affect WebKit.

Ivan Fratric of Google Project Zero alone reported 9 critical vulnerabilities and his findings are playing a major role in this Apple security updates.

- Advertisement - SIEM as a Service

iCloud for Windows 7.7 0 – WebKit

  • CVE-2018-4191 –  A memory corruption issue was addressed with improved validation
  • Impact – Unexpected interaction causes an ASSERT failure in Windows 7 and later version
  • CVE-2018-4311 -The issue was addressed by removing origin information.
  • Impact –  Cross-origin Security Errors includes the accessed frame’s origin in Windows 7 and later version
  • CVE-2018-4316 – A memory corruption issue was addressed with improved state management.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution in Windows 7 and later version.
  • CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359 – Multiple memory corruption issues were addressed with improved memory handling.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2018-4319 -A cross-origin issue existed with “iframe” elements. This was addressed with improved tracking of security origins.
  • Impact: A malicious website may cause unexpected cross-origin behavior
  • CVE-2018-4309 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  • Impact – A malicious website may be able to execute scripts in the context of another website
  • CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318 –  A use after free issue was addressed with improved memory management.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
  • CVE-2018-4345 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  • Impact: A malicious website may exfiltrate image data cross-origin

iOS 12.0.1 – VoiceOver & Quick Look

  • CVE-2018-4380 –A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device
  • Impact: A local attacker may be able to view photos and contacts from the lock screen
  • CVE-2018-4379 –  A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.
  • Impact: A local attacker may be able to share items from the lock screen

Learn how to update the iOS software on your iPhone, iPad, or iPod touch.

Also Read:

Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products

Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...