Apple Fixes Passcode, Remote Code Execution Flaws in iOS and macOS

From eWeek: Apple released a series of updates on Dec. 5 to its desktop and mobile operating systems, patching serious vulnerabilities that could have exposed users to risk.

Among the updates released by Apple are iOS 12.1.1, macOS Mojave 10.14.2 and Safari 12.0.2. The bugs fixed across the updates include privilege escalation, arbitrary code execution, memory corruption and denial-of-service flaws. In iOS 12.1.1, one of the most impactful issues patched is a passcode bypass in the FaceTime conferencing application.

"A local attacker may be able to view contacts from the lock screen," Apple wrote in its advisory for the FaceTime vulnerability, which is also identified as CVE-2018-4430. "A lock screen issue allowed access to contacts on a locked device."

The CVE-2018-4430 flaw was discovered by security researcher Jose Rodriguez, who had actually posted a video of how the bypass works on Oct. 30.
