Apple Released iOS 12.2 With Multiple Critical Bug Fixes

  • 382
  •  
  •  
  • 1
  •  
  •  
  •  
    383
    Shares

Apple has launched iOS 12.2 introducing many new features. But, what’s different with this release is the number of security patches included in it. Allegedly, Apple has fixed as much as 51 different security vulnerabilities with this software release.

Critical Vulnerability In Apple ReplayKit

This week, Apple has released the second major update for iOS 12 – the iOS 12.2 – that patches major security vulnerabilities. One such vulnerability patched with this release could allow potential attackers to intercept victim conversations.

As disclosed by Apple in its detailed advisory, the vulnerability (CVE-2019-8566) existed in Apple ReplayKit. Due to this flaw in API, a potential attacker could access the target device’s microphone without alerting the user.

Apple has patched this vulnerability ‘with improved validation’.

Numerous WebKit Bugs Received Fixes

Apple has also patched 19 vulnerabilities in WebKit – the core of Safari browser. Around 11 of these 19 bugs hinted memory corruption issues, of which, 10 could lead to arbitrary code execution. Whereas, the other memory corruption issue (CVE-2019-8562) could allow a sandbox process to bypass sandbox restrictions.

The other vulnerabilities receiving fixes in this component include a logic issue triggering cross-site scripting (CVE-2019-8551), a consistency issue allowing website(s) to access the microphone without showing indicator (CVE-2019-6222), a fetch API cross-origin issue leading to information disclosure (CVE-2019-8515), two use after free vulnerabilities allowing arbitrary code execution (CVE-2019-7285 and CVE-2019-8556), a type confusion issue leading to arbitrary code execution (CVE-2019-8506), a logic issue that could allow a website “to execute scripts in the context of another website” (CVE-2019-8503), and a validation issue that could result in process memory disclosure (CVE-2019-7292).

In the entire update bundle, this component has received maximum bug fixes with iOS 12.2.

Other Vulnerabilities Fixed In iOS 12.2

Besides the above, Apple has also fixed a bunch of other important security vulnerabilities in various components. This includes a memory corruption issue in GeoServices (CVE-2019-8553) that could lead to arbitrary code execution after the user clicks on a malicious SMS link.

Alongside the release of iOS 12.2, Apple has also released updated for other products. These include security updated with Safari 12.1, iTunes 12.9.4 for Windows, macOS Mojave 10.14.4, Xcode 10.2 and tvOS 12.2.

Earlier, Apple had also patched numerous security vulnerabilities at the time of launch of iOS 12.1.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!