Security updates Apple released this week for iOS, macOS, Safari, tvOS and watchOS include patches for 21 vulnerabilities that affect open source web browser engine WebKit.
These bugs include 20 memory corruption issues that could lead to arbitrary code execution during the processing of maliciously crafted web content. Apple says it addressed the flaws with improved memory handling.
Additionally, the company addressed an out-of-bounds vulnerability in WebKit, which could result in the disclosure of process memory when processing of maliciously crafted web content. Apple improved input validation to resolve the issue.
The patches for all of these vulnerabilities were also included in Safari 12.1.1.
In addition to the flaws in WebKit, Apple addressed 21 other flaws in iOS. These bugs impacted components such as Contacts, Disk Images, Kernel, Lock Screen, Mail, Mail Message Framework, Photos Storage, SQLite, Status Bar, and Wi-Fi.
Exploitation of these bugs could lead to arbitrary code execution, exposure of restricted memory, system termination, kernel memory write, privilege escalation, sandbox restrictions bypass, file system modification, disclosure of process memory, or passive device tracking.
All of the issues were resolved in iOS 12.3, now rolling out to iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.
A total of 45 vulnerabilities were addressed with the release of macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, and Security Update 2019-003 Sierra for macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.4 devices.
Impacted components included Accessibility Framework, AMD, Application Firewall, CoreAudio, Disk Images, EFI, Intel Graphics Driver, Kernel, Security, SQLite, and WebKit. The flaws could lead to arbitrary code execution, Gatekeeper checks bypass, the loading of unsigned kernel extensions, kernel memory read/write, and privilege escalation, among others.
tvOS 12.3 includes patches for 35 vulnerabilities, including the 21 flaws in WebKit. Other impacted components include CoreAudio, Disk Images, Kernel, SQLite, sysdiagnose, and Wi-Fi.
watchOS 5.2.1 was released with patches for 21 vulnerabilities, including 4 in WebKit. Other impacted components include CoreAudio, Disk Images, Kernel, Mail, Mail Message Framework, SQLite, sysdiagnose, and Wi-Fi.
Apple TV Software 7.3 arrived this week with fixes for 3 vulnerabilities impacting Bluetooth and Wi-Fi. By exploiting these flaws, an attacker may cause an unexpected application termination or arbitrary code execution, or could execute arbitrary code on the Wi-Fi chip when in range.
Related: Apple Patches Vulnerabilities in iOS, macOS, Safari
Related: Apple, Oracle, VMware Software Hacked at Pwn2Own 2019
More from Ionut Arghire
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
- US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
- New ‘Trigona’ Ransomware Targets US, Europe, Australia
- New Espionage Group ‘YoroTrooper’ Targeting Entities in European, CIS Countries
- CISA Seeks Public Opinion on Cloud Application Security Guidance
Latest News
- Ferrari Says Ransomware Attack Exposed Customer Data
- Aembit Scores $16.6M Seed Funding for Workload IAM Technology
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- New York Man Arrested for Running BreachForums Cybercrime Website
