Apple Addresses Security Problems in iOS 12, Safári 12

Apple has released a new set of security fixes that address vulnerabilities in Safari, iOS, watchOS, e tvOS. It should be noted that some of the vulnerabilities were disclosed before the security updates, which opened a loophole for threat actors.

What Issues Were Fixed in iOS 12?

With the release of iOS 12, Apple focused on improving stability and reliability. Contudo, the latest version also includes several new security-oriented features such as intelligent tracking improvements, surpressed ad targeting, and it also introduces automatic suggestion of strong passwords.

Besides these improvements, the company has addressed several security vulnerabilities:

CVE-2018-4322 – this is an Accounts vulnerability which could enable local apps to read a persistent account identifier;

CVE-2018-5383 – this is an input validation error which existed in the implementation of the communications protocol which could allow privileged attackers to intercept Bluetooth traffic;

CVE-2018-4330 – this issue is described as memory corruption. In case of exploit, attackers could execute arbitrary code;

CVE-2018-4356 – this vulnerability has been reported anonymously. It is described as a permission issue in Apple’s mobile operating system which allowed rogue applications to learn information about the user’s current camera view prior to being granted camera access;

CVE-2018-4338 – this vulnerability is a validation issue and it allowed attackers to use malicious apps to read restricted memory;

CVE-2018-4363 – this is one of the serious security issues in iOS kernel resolved in iOS 12. The bug was reported by Google Project Zero and it’s described as an input validation issue which could allow apps to read restricted memory.

Another severe vulnerability in Apple’s Messages communication platform was also fixed. The flaw is a consistency issue located in the handling of app snapshots, which could allow local attackers to discover the user’s deleted messages.

Story relacionado: Apple para liberar uma ferramenta online para polícia para solicitar dados do usuário

Flaws in Safari Also Patched

Several issues in Safari browser were also fixed in its latest version, Safári 12: CVE-2018-4307, CVE-2018-4329, e CVE-2018-4195. CVE-2018-4307could allow malicious websites to exfiltrate autofilled data in Safari. CVE-2018-4329 is described as an issue which could prevent to delete browsing history items. CVE-2018-4195 concerns an issue which could lead to user interface spoofing triggered by clicking on a link on a malicious website.

Other issues include a validation vulnerability in the IOMobileFrameBuffer, a password spoofing bug tracked as CVE-2018-4305 in the iTunes Store, and a flaw which could be exploited to recover deleted content from Notes.

por fim, an encryption problem tracked as CVE-2016-1777 triggered by weakness in the RC4 cryptographic algorithm was also patched. To address the flaw, the company removed the protocol altogether.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerenciador de conteúdo que foi com SensorsTechForum desde o início. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

limite de tempo está esgotado. Recarregue CAPTCHA.

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar