Friday, April 19, 2024

Apple Released Security Updates for iOS 12.0.1 & iCloud with the Fixes for 21 Vulnerabilities

By Balaji

Apple released a security update for its products including iOS 12.0.1 & iCloud for windows along with fixes for 21 critical vulnerabilities.

In this Apple security updates covered mainly iCloud for Windows 7.7 where there are 19 vulnerabilities are reported and 2 vulnerabilities are reported under iOS 12.0.1 by various companies and individuals that affect WebKit.

Ivan Fratric of Google Project Zero alone reported 9 critical vulnerabilities and his findings are playing a major role in this Apple security updates.

iCloud for Windows 7.7 0 – WebKit

  • CVE-2018-4191 –  A memory corruption issue was addressed with improved validation
  • Impact – Unexpected interaction causes an ASSERT failure in Windows 7 and later version
  • CVE-2018-4311 -The issue was addressed by removing origin information.
  • Impact –  Cross-origin Security Errors includes the accessed frame’s origin in Windows 7 and later version
  • CVE-2018-4316 – A memory corruption issue was addressed with improved state management.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution in Windows 7 and later version.
  • CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359 – Multiple memory corruption issues were addressed with improved memory handling.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2018-4319 -A cross-origin issue existed with “iframe” elements. This was addressed with improved tracking of security origins.
  • Impact: A malicious website may cause unexpected cross-origin behavior
  • CVE-2018-4309 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  • Impact – A malicious website may be able to execute scripts in the context of another website
  • CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318 –  A use after free issue was addressed with improved memory management.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
  • CVE-2018-4345 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  • Impact: A malicious website may exfiltrate image data cross-origin

iOS 12.0.1 – VoiceOver & Quick Look

  • CVE-2018-4380 –A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device
  • Impact: A local attacker may be able to view photos and contacts from the lock screen
  • CVE-2018-4379 –  A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.
  • Impact: A local attacker may be able to share items from the lock screen

Learn how to update the iOS software on your iPhone, iPad, or iPod touch.

Also Read:

Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products

Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities

Managed WAF Protection

Website

Latest articles

cyber security

Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million

The Akira ransomware variant has severely impacted more than 250 organizations worldwide, amassing...
Uncategorized

Alert! Windows LPE Zero-day Exploit Advertised on Hacker Forums

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale...
Vulnerability

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...
Cyber Attack

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...
Cyber Attack

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...
Android

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...
cyber security

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

    • Book Your Spot

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Stay safe online with free daily cybersecurity updates. Sign up now!

GBHackers on security is a highly informative and reliable Cyber Security News platform that provides the latest and most relevant updates on Cyber Security News, Hacking News, Technology advancements, and Kali Linux tutorials on a daily basis. The platform is dedicated to keeping the community well-informed and up-to-date with the constantly evolving Cyber World.

Menu

Contact US:

Email : [email protected]