Apple has released a new set of security fixes that address vulnerabilities in Safari, iOS , watchOS , and tvOS . It should be noted that some of the vulnerabilities were disclosed before the security updates, which opened a loophole for threat actors.
What Issues Were Fixed in iOS 12?With the release of iOS 12, Apple focused on improving stability and reliability. However, the latest version also includes several new security-oriented features such as intelligent tracking improvements, surpressed ad targeting, and it also introduces automatic suggestion of strong passwords.
Besides these improvements, the company has addressed several security vulnerabilities:
CVE-2018-4322 this is an Accounts vulnerability which could enable local apps to read a persistent account identifier;
CVE-2018-5383 this is an input validation error which existed in the implementation of the communications protocol which could allow privileged attackers to intercept Bluetooth traffic;
CVE-2018-4330 this issue is described as memory corruption. In case of exploit, attackers could execute arbitrary code;
CVE-2018-4356 this vulnerability has been reported anonymously. It is described as a permission issue in Apple’s mobile operating system which allowed rogue applications to learn information about the user’s current camera view prior to being granted camera access;
CVE-2018-4338 this vulnerability is a validation issue and it allowed attackers to use malicious apps to read restricted memory;
CVE-2018-4363 this is one of the serious security issues in iOS kernel resolved in iOS 12. The bug was reported by Google Project Zero and it’s described as an input validation issue which could allow apps to read restricted memory.
Another severe vulnerability in Apple’s Messages communication platform was also fixed. The flaw is a consistency issue located in the handling of app snapshots, which could allow local attackers to discover the user’s deleted messages.