51 Bugs Fixed in iOS 12.2, Including CVE-2019-8566 That Accessed Microphone
CYBER NEWS

51 Bugs Fixed in iOS 12.2, Including CVE-2019-8566 That Accessed Microphone

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Apple’s latest security advisory contains a total of 51 security vulnerabilities. The company released iOS 12.2 to address these flaws that affect iPhone 5 and later, iPad Air and later, and iPod touch 6th generation.




51 Vulnerabilities Fixed in iOS 12.2

Most of the vulnerabilities are located in WebKit, Apple’s web rendering engine, utilized by apps and web browsers. One of these vulnerabilities is CVE-2019-6222, which could enable a website to access the microphone of the device, without any indication of use.

Another one, CVE-2019-8515, is described as a cross-origin issue with the fetch API which could be exploited by processing maliciously crafted web content to disclose sensitive user information.

CVE-2019-8503, which is also located in WebKit, is a logic issue that could have allowed malicious websites to execute scripts in the context of another site.

CVE-2019-8566 Gave Access to Microphone

However, the most alarming issue appears to be CVE-2019-8566, a vulnerability in Apple’s ReplayKit. The ReplayKit is utilized by various iOS apps, and is a component for recording and streaming audio and video feeds from a device.

According to the advisory, the vulnerability in this component would have allowed malicious applications to access microphones without indication to the user, thus letting them record or stream nearby conversations.

Related: iOS Apps Packed with Location Data Monetization Code.

An API issue existed in the handling of microphone data. This issue was addressed with improved validation,” the advisory said.

Another serious issue affects GeoServices, the component that navigates the geo-location data. Clicking a malicious SMS link could have led to arbitrary code execution due to CVE-2019-8553, a memory corruption bug.

CVE-2019-8553 was also addressed in iOS 12.2, a memory handling issue.

In fact, it turns out that memory handling flaws are among the most prevalent security bugs. According to Microsoft, 70 percent of all security vulnerabilities addressed by the company are indeed related to memory handling.

Apple also fixed several kernel issues, such as CVE-2019-8514 which could have allowed an application to gain elevated privileges, and CVE-2019-7293, which could have allowed a local user to read kernel memory.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...