Apple Released Security Updates for iOS 12.0.1 & iCloud with the Fixes for 21 Vulnerabilities

Apple released a security update for its products including iOS 12.0.1 & iCloud for windows along with fixes for 21 critical vulnerabilities.

In this Apple security updates covered mainly iCloud for Windows 7.7 where there are 19 vulnerabilities are reported and 2 vulnerabilities are reported under iOS 12.0.1 by various companies and individuals that affect WebKit.

Ivan Fratric of Google Project Zero alone reported 9 critical vulnerabilities and his findings are playing a major role in this Apple security updates.

iCloud for Windows 7.7 0 – WebKit

  • CVE-2018-4191 –  A memory corruption issue was addressed with improved validation
  • Impact – Unexpected interaction causes an ASSERT failure in Windows 7 and later version
  • CVE-2018-4311 -The issue was addressed by removing origin information.
  • Impact –  Cross-origin Security Errors includes the accessed frame’s origin in Windows 7 and later version
  • CVE-2018-4316 – A memory corruption issue was addressed with improved state management.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution in Windows 7 and later version.
  • CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359 – Multiple memory corruption issues were addressed with improved memory handling.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2018-4319 -A cross-origin issue existed with “iframe” elements. This was addressed with improved tracking of security origins.
  • Impact: A malicious website may cause unexpected cross-origin behavior
  • CVE-2018-4309 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  • Impact – A malicious website may be able to execute scripts in the context of another website
  • CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318 –  A use after free issue was addressed with improved memory management.
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
  • CVE-2018-4345 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  • Impact: A malicious website may exfiltrate image data cross-origin

iOS 12.0.1 – VoiceOver & Quick Look

  • CVE-2018-4380 –A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device
  • Impact: A local attacker may be able to view photos and contacts from the lock screen
  • CVE-2018-4379 –  A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.
  • Impact: A local attacker may be able to share items from the lock screen

Learn how to update the iOS software on your iPhone, iPad, or iPod touch.

Also Read:

Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products

Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products

Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

10 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

10 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

13 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

16 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

17 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

17 hours ago