Apple released a security update for its products including iOS 12.0.1 & iCloud for windows along with fixes for 21 critical vulnerabilities.
In this Apple security updates covered mainly iCloud for Windows 7.7 where there are 19 vulnerabilities are reported and 2 vulnerabilities are reported under iOS 12.0.1 by various companies and individuals that affect WebKit.
Ivan Fratric of Google Project Zero alone reported 9 critical vulnerabilities and his findings are playing a major role in this Apple security updates.
- CVE-2018-4191 – A memory corruption issue was addressed with improved validation
- Impact – Unexpected interaction causes an ASSERT failure in Windows 7 and later version
- CVE-2018-4311 -The issue was addressed by removing origin information.
- Impact – Cross-origin Security Errors includes the accessed frame’s origin in Windows 7 and later version
- CVE-2018-4316 – A memory corruption issue was addressed with improved state management.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution in Windows 7 and later version.
- CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359 – Multiple memory corruption issues were addressed with improved memory handling.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2018-4319 -A cross-origin issue existed with “iframe” elements. This was addressed with improved tracking of security origins.
- Impact: A malicious website may cause unexpected cross-origin behavior
- CVE-2018-4309 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
- Impact – A malicious website may be able to execute scripts in the context of another website
- CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318 – A use after free issue was addressed with improved memory management.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2018-4345 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
- Impact: A malicious website may exfiltrate image data cross-origin
- CVE-2018-4380 –A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device
- Impact: A local attacker may be able to view photos and contacts from the lock screen
- CVE-2018-4379 – A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.
- Impact: A local attacker may be able to share items from the lock screen
Learn how to update the iOS software on your iPhone, iPad, or iPod touch.
Microsoft Released Security Updates & Fixed 49 Vulnerabilities that Affected Microsoft Products
Cisco Released Security Updates & Fixed 37 Vulnerabilities that Affected Cisco Products
Mozilla Firefox Releases 62.0.3 & Security Updates for 2 High Critical Vulnerabilities
Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…
The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…
A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…
Meta has announced the removal of over 2 million accounts connected to malicious activities, including…
Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…