Apple Patches Dozens of Vulnerabilities Across All Platforms

Last week, Apple released a brand new set of security patches to fix dozens of vulnerabilities impacting iOS, macOS, watchOS, and tvOS, as well as Windows software.

The iOS 11.3 release came out on Thursday and addressed more than 40 security bugs that affected iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.

The most affected was WebKit, with a total of 19 issues resolved. Among the other impacted components were CoreText, CoreFoundation, iCloud Drive, File System Events, Mail, PluginKit, Kernel, Security, Storage, and Safari.

By exploiting any of these security flaws, a hacker could run arbitrary code on the vulnerable device and the malicious applications could elevate their privileges.

Apart from the above-mentioned, the flaws exploitation could also result in data exfiltration, user interface spoofing, interception of encrypted email contents, keylogging, denial of service, disabling of features, and causing device restarts.

By releasing macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan, Apple managed to resolve 35 vulnerabilities in total. The flaws impacted OS X El Capitan 10.11.6, macOS High Sierra 10.13.3, and macOS Sierra 10.12.6.

Among the impacted components were as follows: Admin Framework, APFS, CoreFoundation, CoreText, CoreTypes, Disk Images, Disk Management, File System Events, iCloud Drive, Intel Graphics Driver, Kernel, LaunchServices, Mail, Notes, PluginKit, Security, System Preferences, and Terminal.

If exploited, these vulnerabilities may lead to disclosed user information, exposed passwords, elevation of privilege, arbitrary code execution, denial of service, reading of restricted memory, interception and exfiltration of encrypted email contents, code signing enforcement bypass, arbitrary command execution spoofing, and keylogging.

Last Thursday, Apple released Safari 11.1 which fixed 23 security vulnerabilities. Two of these flaws were found in Safari, 1 was in Safari Login AutoFill, and the remaining 20 affected WebKit.

The tvOS 11.3 release patched a total of 28 bugs which affected Apple TV 4K and Apple TV (4th generation).

Additionally, Apple released the Xcode patch 9.3 that resolved a number of issues in LLVM. The bugs impacted macOS High Sierra 10.13.2 or later.

iCloud for Windows 7.4 patched 20 vulnerabilities, 19 of which impacted WebKit, the same as iTunes 12.7.4 for Windows does.

The above-mentioned flaws could result in elevation of privileges, arbitrary code execution, denial of service, ASSERT failure, and malicious websites exfiltrating data cross-origin.

Leave a Comment

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.