Apple releases a series of security patches to fix 51 vulnerabilities in iOS 12.2 version
- Products running tvOS such as Apple TV 4K ad Apple TV HD are affected by 36 vulnerabilities.
- A total of 19 vulnerabilities are found in Webkit, the web browser engine used by Apple.
In a major security update, Apple has released a pool of security patches to fix a total of 51 vulnerabilities found in the products using iOS 12.2 version. The products impacted are iPhone 5s, iPad Air and newer version and 6th generation iPods.
Types of vulnerabilities - Products running tvOS such as Apple TV 4K ad Apple TV HD are affected by 36 vulnerabilities. The list of patches released covers a wide variety of bugs that range from denial-of-service, privilege escalation, information disclosure, root privilege, overwrite an arbitrary file to remote execution.
By far, most of the vulnerabilities (19) have been found in Webkit, the web browser engine of Apple. The Webkit is used in many of Apple’s products including Safari, Mail and App Store. Most prevalent among them are memory corruption flaws: CVE-2019-8536, CVE-2019-8544, CVE-2019-7285, CVE-2019-8556, and CVE-2019-8506. The flaws can enable attackers to execute arbitrary code through specially crafted web content.
Other security issues addressed - Apple’s security patches also addresses six issues affecting the kernel in earlier iOS versions. The security flaws in the question are CVE-2019-8527 (which can cause a system to crash or corrupt), CVE-2019-8540, CVE-2019-6207, CVE-2019-8510 (which can allow malicious apps to read memory layout) and CVE-2019-8514 (privilege escalation vulnerability).
Apart from security fixes for iOS, Apple has also released security updated for other products such as macOS, Safari, Xcode, iTunes and iCloud for Windows.