Over 50 Patches Issued by Apple in iOS 12.2

The iPhone 5s and later models, iPad Air and later models, and the 6th generation iPods, as well as Apple TV’s 4K and HD models, are all listed as affected products and should be updated to iOS 12.2 immediately. The bugs affecting these devices could have led to attacks ranging from denial-of-service, privilege escalation, and information disclosure to gaining root privileges, overwriting arbitrary files, or executing code chosen by the attacker. WebKit was the source of a majority of the vulnerabilities (19 to be exact), mainly memory corruption bugs that would give attackers the ability to execute arbitrary code and bypass sandbox restrictions. Information on these vulnerabilities can be found in CVE-2019-6201, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8562, CVE-2019-8536, CVE-2019-8544, and CVE-2019-8535. Another of the main vulnerabilities addressed was the Apple Keychain flaw, CVE-2019-8526, which affected macOS. The vulnerability could possibly lead to password extraction from a targeted machine.

Analyst Notes

Users of any of the listed devices who are running an older operating system version should upgrade to iOS 12.2 immediately. Be on the lookout for any new fixes coming within the next few weeks, as attackers are known to switch their tactics to bypass these fixes after they come out.