Apple released security updates for its products, including iOS 12.0.1 and iCloud for Windows, with fixes for 21 critical vulnerabilities.
Most of the fixes are in iCloud for Windows 7.7, with 19 reported vulnerabilities, and 2 vulnerabilities are reported under iOS 12.0.1; the issues were reported by various companies and individuals and affect WebKit.
Ivan Fratric of Google Project Zero alone reported 9 critical vulnerabilities, and his findings play a major role in these Apple security updates.
- CVE-2018-4191 – A memory corruption issue was addressed with improved validation.
  - Impact: Unexpected interaction causes an ASSERT failure in Windows 7 and later versions.
- CVE-2018-4311 – The issue was addressed by removing origin information.
  - Impact: Cross-origin security errors include the accessed frame's origin in Windows 7 and later versions.
- CVE-2018-4316 – A memory corruption issue was addressed with improved state management.
  - Impact: Processing maliciously crafted web content may lead to arbitrary code execution in Windows 7 and later versions.
- CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359 – Multiple memory corruption issues were addressed with improved memory handling.
  - Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2018-4319 – A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins.
  - Impact: A malicious website may cause unexpected cross-origin behavior.
- CVE-2018-4309 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  - Impact: A malicious website may be able to execute scripts in the context of another website.
- CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318 – A use-after-free issue was addressed with improved memory management.
  - Impact: Processing maliciously crafted web content may lead to arbitrary code execution.
- CVE-2018-4345 – A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation.
  - Impact: A malicious website may exfiltrate image data cross-origin.
- CVE-2018-4380 – A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device.
  - Impact: A local attacker may be able to view photos and contacts from the lock screen.
- CVE-2018-4379 – A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.
  - Impact: A local attacker may be able to share items from the lock screen.
Learn how to update the iOS software on your iPhone, iPad, or iPod touch.