The iPhone 5s and later models, iPad Air and later models, and the 6th generation iPods, as well as Apple TV’s 4K and HD models, are all listed as affected products and should be updated to iOS 12.2 immediately. The bugs affecting these devices could have led to attacks ranging from denial-of-service, privilege escalation, and information disclosure to gaining root privileges, overwriting arbitrary files, or executing code chosen by the attacker. WebKit was the source of a majority of the vulnerabilities (19 to be exact), mainly memory corruption bugs that would give attackers the ability to execute arbitrary code and bypass sandbox restrictions. Information on these vulnerabilities can be found in CVE-2019-6201, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8562, CVE-2019-8536, CVE-2019-8544, and CVE-2019-8535. Another of the main vulnerabilities addressed was the Apple Keychain flaw, CVE-2019-8526, which affected macOS. That vulnerability could possibly lead to password extraction from a targeted machine.