Apple patches critical vulnerabilities in iOS 12 and iCloud, fixes passcode bypass flaws
- With the release of iOS 12.0.1, Apple fixes passcode bypass flaws.
- A total of 19 vulnerabilities in iCloud for Windows was fixed.
Apple has released new security updates along with iOS 12.0.1. The updates fix vulnerabilities affecting the iOS 12 operating system and iCloud for Windows application. The update fixes the passcode bypass vulnerability in the iOS platform and several other critical vulnerabilities related to iCloud.
The update also included fixes for charging and WiFi bugs reported by new iPhone XS users, Bleeping Computer reported.
iOS 12.0.1 fixes passcode bypass flaws
Last week a passcode bypass flaw was discovered in Apple’s iOS 12, which if exploited, could have allowed hackers to view photos and contacts on a locked iPhone. The vulnerability affects iPhone models that come with Face ID and biometric security.
To exploit the vulnerability an attacker must have physical access to the targeted iPhone.
These vulnerabilities were discovered by security researcher Jose Rodriguez, who demonstrated the hijack in a multi-step YouTube video. These vulnerabilities were assigned as CVE-2018-4380 and CVE-2018-4379.
However, Apple has fixed these two vulnerabilities, one of which existed in QuickLook and the other in VoiceOver.
Critical vulnerabilities fixed in iCloud for Windows 7.7.12
The new version of iCould for Windows has fixed 19 security vulnerabilities, of which 13 were rated critical and could allow arbitrary code execution, Bleeping Computer reported.
These vulnerabilities were assigned the following CVE ID’s:
CVE-2018-4191, CVE-2018-4311, CVE-2018-4316, CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4319, CVE-2018-4309, CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318, CVE-2018-4345, and CVE-2018-4361.