Apple Patches Passcode Bypass, FaceTime Flaws in iOS

Security updates released by Apple on Tuesday for its macOS, iOS, tvOS, watchOS, Safari, iCloud and iTunes products address tens of new vulnerabilities.

The advisory published by Apple for macOS lists over 70 CVE identifiers. This includes vulnerabilities affecting third-party components, as well as flaws that Apple had previously addressed and for which patches have now been backported to older versions of the operating system.

The security holes patched this week can be exploited for arbitrary code execution, privilege escalation, information leakage, and denial-of-service (DoS) attacks.

The more interesting vulnerabilities include a crypto issue discovered by a team of researchers from two universities, flaws that allow applications to execute code with elevated privileges, and a user interface spoofing bug in the Mail app. The latest updates for macOS 10.14 Mojave also patch Variant 3a of the speculative execution bugs known as Spectre and Meltdown, and some vulnerabilities discovered by researcher Patrick Wardle, including one disclosed shortly after the launch of Mojave.

Apple has also patched over 20 vulnerabilities in iOS 12. This includes several FaceTime issues discovered by Natalie Silvanovich of Google Project Zero. The researcher found four memory corruptions that could result in data leaks or arbitrary code execution. Some of these flaws allow a remote attacker to execute code by initiating a FaceTime call, Apple said.

iOS 12.1 also resolves two lockscreen bypass vulnerabilities disclosed recently by Jose Rodriguez, known for his YouTube channel videosdebarraquito. Rodriguez found that the passcode can be bypassed on an iPhone by leveraging the VoiceOver (CVE-2018-4387) and Notes (CVE-2018-4388) features. The researcher discovered these weaknesses just days after Apple released patches for similar passcode bypass methods that he had previously found.

Many of the iOS vulnerabilities were also patched by Apple in tvOS and watchOS, both of which are based on the mobile operating system. Some of the flaws were also found to impact Safari and the iTunes and iCloud applications for Windows.

Code analysis firm Semmle on Tuesday disclosed the details of a code execution vulnerability discovered by one of its researchers. Apple first fixed the bug in September with the release of iOS 12 and macOS Mojave, but this week it also backported the patches to macOS Sierra and High Sierra.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
