Update your iOS now!
Apple released iOS 12.2 with security patches in its iOS devices.
Mostly devices were affecting on iPhone 5s and later, iPad Air and later and iPod touch 6th generation.
How to Update your iOS Device?
- connect to the Internet with Wi-Fi.
- Tap Settings > General > Software Update.
- Tap Download and Install the update.
Following Vulnerabilities have been fixed by Apple.
CFString
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Processing a maliciously crafted string may lead to a denial of service
- Description: A validation issue was addressed with improved logic.
configd
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious application may be able to elevate privileges
- Description: A memory initialization issue was addressed with improved memory handling.
Contacts
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow issue was addressed with improved memory handling.
CoreCrypto
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved bounds checking.
Exchange ActiveSync
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure
- Description: This issue was addressed with improved transparency.
FaceTime
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing
- Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.
Feedback Assistant
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious application may be able to gain root privileges
- Description: A race condition was addressed with additional validation.
- Impact: A malicious application may be able to overwrite arbitrary files
- Description: This issue was addressed with improved checks.
file
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Processing a maliciously crafted file might disclose user information
- Description: An out-of-bounds read was addressed with improved bounds checking.
GeoServices
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Clicking a malicious SMS link may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved validation.
iAP
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious application may be able to elevate privileges
- Description: A buffer overflow was addressed with improved bounds checking.
IOHIDFamily
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A local user may be able to cause unexpected system termination or read kernel memory
- Description: A memory corruption issue was addressed with improved state management.
IOKit
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A local user may be able to read kernel memory
- Description: A memory initialization issue was addressed with improved memory handling.
IOKit SCSI
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved input validation.
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
- Description: A buffer overflow was addressed with improved size validation.
- Impact: An application may be able to gain elevated privileges
- Description: A logic issue was addressed with improved state management.
- Impact: A malicious application may be able to determine kernel memory layout
- Description: A memory initialization issue was addressed with improved memory handling.
- Impact: A local user may be able to read kernel memory
- Description: A memory corruption issue was addressed with improved memory handling.
- Impact: A malicious application may be able to determine kernel memory layout
- Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Processing a maliciously crafted mail message may lead to S/MIME signature spoofing
- Description: This issue was addressed with improved checks.
Messages
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A local user may be able to view sensitive user information
- Description: An access issue was addressed with additional sandbox restrictions.
Power Management
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious application may be able to execute arbitrary code with system privileges
- Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation.
Privacy
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious app may be able to track users between installs
- Description: A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing.
ReplayKit
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious application may be able to access the microphone without indication to the user
- Description: An API issue existed in the handling of microphone data. This issue was addressed with improved validation.
Safari
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A website may be able to access sensor information without user consent
- Description: A permissions issue existed in the handling of motion and orientation data. This issue was addressed with improved restrictions.
Safari Reader
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Enabling the Safari Reader feature on a maliciously crafted webpage may lead to universal cross site scripting
- Description: A logic issue was addressed with improved validation.
Siri
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious application may be able to initiate a Dictation request without user authorization
- Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation.
TrueTypeScaler
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Processing a maliciously crafted font may result in the disclosure of process memory
- Description: An out-of-bounds read was addressed with improved bounds checking.
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: Processing maliciously crafted web content may lead to universal cross site scripting
- Description: A logic issue was addressed with improved validation.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved state management.
- Impact: A sandboxed process may be able to circumvent sandbox restrictions
- Description: A memory corruption issue was addressed with improved validation.
- Impact: A malicious website may be able to execute scripts in the context of another website and Processing maliciously crafted web content may result in the disclosure of process memory
- Description: A logic issue was addressed with improved validation.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A type confusion issue was addressed with improved memory handling.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was addressed with improved memory management.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved memory handling.
- Impact: Processing maliciously crafted web content may disclose sensitive user information
- Description: A cross-origin issue existed with the fetch API. This was addressed with improved input validation.
- Impact: A website may be able to access the microphone without the microphone use indicator being shown
- Description: A consistency issue was addressed with improved state handling.
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Multiple memory corruption issues were addressed with improved memory handling.
Wi-Fi
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A device may be passively tracked by its WiFi MAC address
- Description: A user privacy issue was addressed by removing the broadcast MAC address.
XPC
- Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
- Impact: A malicious application may be able to overwrite arbitrary files
- Description: This issue was addressed with improved checks.
