SecurityWeek

Apple Patches Major Security Flaws With iOS 18 Refresh

Apple warns that attackers can use Siri to access sensitive user data, control nearby devices, or view recent photos without authentication. 

Apple’s long-awaited iOS 18 refresh landed Monday with fixes for at least 33 security vulnerabilities that expose iPhones and iPads to an assortment of malicious hacker attacks.

According to a bulletin from Cupertino, iOS 18 has been fitted with fixes for vulnerabilities in core components including accessibility features, Bluetooth, Control Center, and Wi-Fi, with several flaws allowing unauthorized access to sensitive data or full device control.

The company called attention to several problems in the Accessibility component that allow attackers with physical access to devices to use Siri to access sensitive user data, control nearby devices, or view recent photos without authentication. 

Apple also documented a serious bug in the Control Center that could be exploited to allow a mobile app to record the screen without displaying an indicator.

The iOS 18 rollout also fixes a Core Bluetooth flaw that allows a malicious Bluetooth input device to bypass device pairing; a kernel vulnerability that leaks network traffic outside a VPN tunnel; a Wi-Fi bug that allows an attacker to force a device to disconnect from a secure network; and multiple Safari Private Browsing and sandbox bypasses.

The company did not place any of the iOS 18 vulnerabilities in the already-exploited category.

Apple also pushed out macOS Sequoia 15 with a massive batch of patches for security defects across various components of the operating system. 

The company documented multiple critical macOS vulnerabilities that could allow unauthorized access to sensitive user data, privilege escalation, system modification, and unexpected application crashes.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
