Apple Patches 51 Serious Security Flaws in iOS 12.2 Update

Apple has released a new update of its iOS operating system for iPhone 5s and later, iPad Air and later, and 6th gen iPods. An update is also available for tvOS for Apple TV HD and Apple TV 4K.

The latest version of the operating system includes patches for 51 serious flaws that could potentially be exploited for DoS attacks, privilege escalation, gaining root access to vulnerable devices, stealing data, and executing malicious code. 36 of the vulnerabilities also affect tvOS.

The largest share of the flaws was in Apple's web browser engine, WebKit. 19 WebKit flaws were fixed in iOS 12.2, most of which are memory corruption vulnerabilities that could allow attackers to execute arbitrary code by getting users to visit malicious webpages. The memory corruption vulnerabilities are tracked as CVE-2019-6201, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8562, CVE-2019-8536, CVE-2019-8544, CVE-2019-8535.

Apple fixed an iOS vulnerability in ReplayKit, the service that game developers use to let players record and share gameplay. If exploited, the vulnerability would allow attackers to access the microphone on a vulnerable device and eavesdrop on users. The vulnerability is tracked as CVE-2019-8566.

Another microphone-related vulnerability that was addressed is CVE-2019-6222. This vulnerability allows an attacker to access the microphone without the indicator showing that the microphone is active.

Two vulnerabilities – CVE-2019-8551 and CVE-2019-8515 – were fixed that could allow cross-site scripting attacks, which could lead to the exposure of sensitive information. Two use-after-free vulnerabilities – CVE-2019-7285 and CVE-2019-8556 – have also been addressed, both of which could allow remote code execution if exploited.

Six flaws in the kernel affecting early versions of iOS have also been addressed. These are: CVE-2019-8510, CVE-2019-8514, CVE-2019-8527, CVE-2019-8540, CVE-2019-6207, and CVE-2019-729.

All of the vulnerabilities are serious, so users should update to the latest version of the operating system as soon as possible.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news