Security updates released by Apple on Tuesday for its macOS, iOS, tvOS, watchOS, Safari, iCloud and iTunes products address tens of new vulnerabilities.
The advisory published by Apple for macOS lists over 70 CVE identifiers. This includes vulnerabilities affecting third-party components and flaws that were previously addressed by Apple and for which patches were now backported to older versions of the operating system.
The security holes patched this week can be exploited for arbitrary code execution, privilege escalation, information leakage, and denial-of-service (DoS) attacks.
The more interesting vulnerabilities include a crypto issue discovered by a team of researchers from two universities, flaws that allow applications to execute code with elevated privileges, and a user interface spoofing bug in the Mail app. The latest updates for macOS 10.14 Mojave also patch Variant 3a of the speculative execution bugs known as Spectre and Meltdown, and some vulnerabilities discovered by researcher Patrick Wardle, including one disclosed shortly after the launch of Mojave.
Apple has also patched over 20 vulnerabilities in iOS 12. This includes several FaceTime issues discovered by Natalie Silvanovich of Google Project Zero. The researcher found four memory corruptions that could result in data leaks or arbitrary code execution. Some of these flaws allow a remote attacker to execute code by initiating a FaceTime call, Apple said.
iOS 12.1 also resolves two lockscreen bypass vulnerabilities disclosed recently by Jose Rodriguez, known for his YouTube channel videosdebarraquito. Rodriguez found that the passcode can be bypassed on an iPhone by leveraging the VoiceOver (CVE-2018-4387) and Notes (CVE-2018-4388) features. The researcher discovered these weaknesses just days after Apple released patches for similar passcode bypass methods that he had previously found.
Many of the iOS vulnerabilities were also patched by Apple in tvOS and watchOS, both of which are based on the mobile operating system. Some of the flaws were also found to impact Safari and the iTunes and iCloud applications for Windows.
Code analysis firm Semmle on Tuesday disclosed the details of a code execution vulnerability discovered by one of its researchers. Apple first fixed the bug in September with the release of iOS 12 and macOS Mojave, but this week it also backported the patches to macOS Sierra and High Sierra.
Related: Mac Apps From Apple’s App Store Steal User Data, Researchers Say
Related: Google Criticizes Apple Over Safari Security, Flaw Disclosures

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
Latest News
- In Other News: AI Regulation, Layoffs, US Aerospace Attacks, Post-Quantum Encryption
- Blackpoint Raises $190 Million to Help MSPs Combat Cyber Threats
- Google Introduces SAIF, a Framework for Secure AI Development and Use
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
