Saturday, February 8, 2025
HomeAppleApple Released Security Updates for iOS 12.0.1 & iCloud with the...

Apple Released Security Updates for iOS 12.0.1 & iCloud with the Fixes for 21 Vulnerabilities

Published on

SIEM as a Service

Follow Us on Google News

Apple released a security update for its products including iOS 12.0.1 & iCloud for windows along with fixes for 21 critical vulnerabilities.

In this Apple security updates covered mainly iCloud for Windows 7.7 where there are 19 vulnerabilities are reported and 2 vulnerabilities are reported under iOS 12.0.1 by various companies and individuals that affect WebKit.

Ivan Fratric of Google Project Zero alone reported 9 critical vulnerabilities and his findings are playing a major role in this Apple security updates.

iCloud for Windows 7.7 0 – WebKit

  • CVE-2018-4191 –  A memory corruption issue was addressed with improved validation
  • Impact – Unexpected interaction causes an ASSERT failure in Windows 7 and later version
  • CVE-2018-4311 -The issue was addressed by removing origin information.
  • Impact –  Cross-origin Security Errors includes the accessed frame’s origin in Windows 7 and later version
  • CVE-2018-4316 – A memory corruption issue was addressed with improved state management.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution in Windows 7 and later version.
  • CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359 – Multiple memory corruption issues were addressed with improved memory handling.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2018-4319 -A cross-origin issue existed with “iframe” elements. This was addressed with improved tracking of security origins.
  • Impact: A malicious website may cause unexpected cross-origin behavior
  • CVE-2018-4309 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  • Impact – A malicious website may be able to execute scripts in the context of another website
  • CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318 –  A use after free issue was addressed with improved memory management.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
  • CVE-2018-4345 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  • Impact: A malicious website may exfiltrate image data cross-origin

iOS 12.0.1 – VoiceOver & Quick Look

  • CVE-2018-4380 –A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device
  • Impact: A local attacker may be able to view photos and contacts from the lock screen
  • CVE-2018-4379 –  A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.
  • Impact: A local attacker may be able to share items from the lock screen

Learn how to update the iOS software on your iPhone, iPad, or iPod touch.

Also Read:

Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products

Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...