Apple patches several flaws in iOS 12.2
Apple patched 51 vulnerabilities rated serious with its iOS 12.2 update. One of the most serious bugs could allow apps to secretly listen to end users. Apple's iOS security updates are for the iPhone 5s and later, iPad Air and later and iPod touch 6th generation. Apple also disclosed security updates across other products including iTunes, Safari, macOS, and iCloud.
The eavesdropping iOS vulnerability is in ReplayKit, which allows game developers to give players the ability to easily record and share gameplay. The flaw comes from an API issue in the handling of microphone data and could allow malicious code to secretly access the user's microphone.
Another 19 iOS vulnerabilities were discovered in the WebKit browser engine used by Safari, Mail, App Store and other apps on macOS, iOS and Linux. These vulnerabilities included multiple memory corruption issues, which occur when the contents of a memory location are modified in ways the program did not intend, potentially leading to malicious actions such as arbitrary code execution. The iOS memory corruption issues could be triggered when a device processes malicious web content. This could lead to arbitrary code execution on vulnerable devices or allow a hacker to circumvent sandbox restrictions.
Another vulnerability stems from a “consistency issue.” It could allow a website to access the microphone without the microphone use indicator being on. Apple also disclosed a logic issue that could allow hackers to create malicious web content leading to cross-site scripting. An issue in the fetch API of WebKit could disclose sensitive user information.
Apple also fixed a slew of other vulnerabilities, including a bug in GeoServices, the geo-location data services feature of iOS. The flaw, disclosed by Apple security expert Patrick Wardle, could lead to arbitrary code execution when a user clicks a malicious SMS link. Apple also fixed two bugs in its Feedback Assistant component, a built-in app for sending feedback to Apple. The flaws could allow a malicious app to gain root privileges or overwrite arbitrary files.