Apple released security updates to address vulnerabilities in multiple products where a remote attacker could exploit vulnerabilities to take control of an affected system.
Apple has updates for iCloud for Windows 7.11, iTunes 12.9.4 for Windows, Safari 12.1, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, tvOS 12.2, Xcode 10.2, and iOS 12.2.
WebKit, a browser engine used in Apple’s Safari browser and other products, ended up getting patches for 19 vulnerabilities.
The vulnerabilities include cross site scripting, arbitrary code execution, information disclosure, and disclosure of process memory.
Among the fixes to the multiple WebKit holes, Apple said:
• A type confusion issue was addressed with improved memory handling
• A memory corruption issue was addressed with improved state management
• Multiple memory corruption issues were addressed with improved memory handling
• A cross-origin issue existed with the fetch API. This was addressed with improved input validation
• A memory corruption issue was addressed with improved memory handling
• A use after free issue was addressed with improved memory management
• A validation issue was addressed with improved logic
• A logic issue was addressed with improved validation
Including the WebKit holes, there were 49 vulnerabilities fixed with the release of iOS 12.2.
Exploitation of these flaws could result in denial of service, privilege escalation, information disclosure, arbitrary code execution, kernel memory disclosure, unexpected system termination, S/MIME signature spoofing, user tracking, or in overwriting arbitrary files.
iOS 12.2 is now available for download to iPhone 5s and later, iPad Air and later, and iPod touch 6th generation users.
There were patches for 38 holes in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, and Security Update 2019-002 Sierra.
Click here for more information on the Apple updates.