Apple Secures iOS with Newest Update
- Written by TechXO Team
Apple has just released its newest iOS update. The latest version is iOS 12.2 and it fixed more than 51 security vulnerabilities that are absolutely annoying.
CVE-2019-8566 is no doubt the most daunting security bug, found in Apple’s ReplayKit. It enables a website to access the microphone of the device with no sign of use. ReplayKit is the feature that supports recording and streaming audio and video.
In a statement, the tech giant explained that a bug in this feature permitted malicious applications to gain access to an Apple device’s microphone without giving any sign to the user, and to sneakily record or stream nearby conversations.
Apple said, “An API issue existed in the handling of microphone data. This issue was addressed with improved validation.”
ARBITRARY CODE EXECUTION EXPLOITATION THROUGH SMS LINKS
One more important flaw addressed in the release is a vulnerability affecting iOS Geoservices, the feature responsible for working with geo-location information.
Apple announced that it repaired a bug reported by an anonymous tech researcher who figured out a way to execute code on an iOS device by sending links via SMS messages. If the iOS user tapped one of these malformed links, the attacker could run malicious code on the device.
The vulnerability, CVE-2019-8553, a memory handling issue, is also fixed in iOS 12.2. Apple is not the only one to face memory handling bugs. In fact, memory handling flaws are among the most prevalent security bugs. Earlier this year, Microsoft announced that memory handling issues account for nearly 70 percent of all security bugs it fixes every year.
THE ABUNDANCE OF WEBKIT BUGS
The Geoservices SMS link bug is not the only memory-related bug patched in the newest iOS 12.2.
Another memory corruption problem that could lead to code execution with elevated privileges was also fixed in the IOKit SCSI and Power Management components.
WebKit, the heart of the Safari browser, also had similar memory corruption issues that could lead to malicious code execution.
Apple did not fix just one bug. It patched the following bugs.
So far, WebKit has received the most security fixes overall. Aside from the code execution vulnerabilities, Apple also fixed a universal cross-site scripting (XSS) vulnerability that affected the WebKit engine and worked on any website (CVE-2019-8551), together with a perilous sandbox escape issue (CVE-2019-8562) that could have permitted malicious code to break out of the browser process and run on the underlying OS.
Denis Markov of Resonance Software discovered that malicious websites may have the ability to access an iOS user’s microphone without any indicator being displayed (CVE-2019-6222).
KEYSTEAL ZERO-DAY RECEIVES A PATCH
We will summarize for you the most dangerous security bugs fixed in iOS and its components. Several bugs, like the Safari and WebKit issues, also affected other Apple products in which those components are present.
Aside from security fixes for iOS, Apple also released security updates for other Apple products such as macOS, tvOS, Safari, Xcode, iTunes, and iCloud for Windows.
The launch of iOS 12.2 may have caught the entire world’s attention because of the release of the Apple News Plus and Apple Card services.
Apple users would be doing themselves a bigger favor by updating to iOS 12.2 for its security fixes.
If you update your macOS to the recent 10.14.4, the update will also fix the KeySteal zero-day, which allowed a malicious actor to steal passwords from the macOS Keychain.