Apple released security updates for its products, including iOS 12.0.1 and iCloud for Windows, with fixes for 21 critical vulnerabilities.
These Apple security updates mainly cover iCloud for Windows 7.7, where 19 vulnerabilities are reported, while 2 vulnerabilities are reported under iOS 12.0.1. The vulnerabilities, reported by various companies and individuals, affect WebKit.
Ivan Fratric of Google Project Zero alone reported 9 critical vulnerabilities, and his findings play a major role in these Apple security updates.
- CVE-2018-4191 – A memory corruption issue was addressed with improved validation.
- Impact: Unexpected interaction causes an ASSERT failure in Windows 7 and later versions.
- CVE-2018-4311 – The issue was addressed by removing origin information.
- Impact: Cross-origin SecurityErrors include the accessed frame's origin in Windows 7 and later versions.
- CVE-2018-4316 – A memory corruption issue was addressed with improved state management.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution in Windows 7 and later versions.
- CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359 – Multiple memory corruption issues were addressed with improved memory handling.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2018-4319 – A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins.
- Impact: A malicious website may cause unexpected cross-origin behavior.
- CVE-2018-4309 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
- Impact: A malicious website may be able to execute scripts in the context of another website.
- CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318 – A use after free issue was addressed with improved memory management.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2018-4345 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
- Impact: A malicious website may exfiltrate image data cross-origin.
- CVE-2018-4380 – A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.
- Impact: A local attacker may be able to view photos and contacts from the lock screen.
- CVE-2018-4379 – A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.
- Impact: A local attacker may be able to share items from the lock screen.
Learn how to update the iOS software on your iPhone, iPad, or iPod touch.