Vulnerabilities

Apple fixes critical vulnerabilities in its latest iOS update

Apple has just released iOS 12.2, updating its operating system to correct a total of 51 security vulnerabilities affecting iPhone 5s and later models, iPad Air and later models, and the sixth-generation iPod Touch, reported experts from the best ethical hacking institute, as well as the International Institute of Cyber Security (IICS).

As reported, most of the vulnerabilities patched by Apple reside in WebKit, the web rendering engine used by multiple applications and web browsers that run on the company's operating system.

According to the experts from the best ethical hacking institute, simply by opening any kind of vulnerable WebKit-based content, users could be exposed to arbitrary code execution, leaks of confidential information, sandbox bypass or XSS attacks.

Among the corrected WebKit vulnerabilities is CVE-2019-6222, a security issue that allows malicious websites to enable the microphone of the compromised iOS device without showing any sign of this action. A similar vulnerability (CVE-2019-8566) was corrected in the Apple ReplayKit API; it could allow a malicious application to access the iOS device's microphone without the user noticing.

The company also corrected a critical flaw in WebKit. According to the vulnerability report (tracked as CVE-2019-8503), this would have allowed a malicious website to run scripts in the context of another site, thus making it possible to extract information stored on other sites, as well as to deploy dangerous variants of attacks.

Experts from the best ethical hacking institute mention that, in addition to the issues with WebKit, a critical vulnerability in previous versions of the Apple operating system was also corrected, one that could lead to arbitrary code execution through malicious links embedded in SMS messages.

Apple corrected a total of six vulnerabilities in the iOS kernel. One of these flaws (CVE-2019-8527) would have enabled hackers to block systems or damage kernel memory remotely. Another critical vulnerability (CVE-2019-8514) could have been exploited to perform privilege escalation, among other malicious actions.
