Apple Releases Security Updates for iOS and iCloud, Fixes Passcode Bypass

Haythem Elmir

Apple has released a new round of security updates for iOS 12 and iCloud that resolve numerous vulnerabilities. For iOS, these updates resolve two passcode bypasses and for iCloud there are numerous, including critical, vulnerabilities that were fixed.

Included in this update are also fixes for the charging and WiFi bugs that users of the new iPhone XS have been experiencing.

iOS 12.0.1 fixes two passcode bypass bugs

With the release of iOS 12.0.1, Apple fixed two vulnerabilities, one in QuickLook and the other in VoiceOver, that would allow you to bypass the iOS lock screen and see contacts, photos, emails, and telephone numbers. Both of these vulnerabilities were discovered by security researcher Jose Rodriguez, who demonstrated how to perform them in two YouTube videos.

Exploiting these vulnerabilities require a lot of steps, access to the phone, and from the videos, are not easy tasks to perform.  You can see Rodriguez performing one of the vulnerabilities in the video below.

These vulnerabilities have been assigned CVE IDs CVE-2018-4380 and CVE-2018-4379. .

iCloud for Windows 7.7 12 tackles critical vulnerabilities

With the release of iCloud for Windows 7.7.12, Apple patches 19 security vulnerabilities, with 13 of them being the most critical as they allow arbitrary code execution. Code execution vulnerabilities are the most dangerous as they allow attackers to execute commands on a device remotely.

These vulnerabilities were assigned the following CVE IDs: CVE-2018-4191, CVE-2018-4311, CVE-2018-4316, CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4319, CVE-2018-4309, CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318, CVE-2018-4345, and CVE-2018-4361.

To read the original article

Laisser un commentaire

Next Post

Meet GhostDNS: The dangerous malware behind IoT botnet targeting banks

Security researchers at NetLab, a sub-division of the Chinese cybersecurity firm Qihoo 360, have discovered a new, wide-scale, and very active malware campaign that has managed to hijack more than 100,000 home routers between Sept 21 and 27. A majority of routers (almost 88%) are located in Brazil. The malware […]