On 23 January 2018, Apple released security updates in its latest iOS version, 11.2.5, to fix 13 vulnerabilities identified in various iOS devices. Multiple attack vectors could be used to exploit the vulnerabilities, such as enticing a user to open a maliciously crafted audio file, application, text message or certificate, or to access a malicious website.
A successful attack could lead to arbitrary code execution, elevation of privilege, incorrect evaluation of certificates, denial of service or information disclosure.
The product vendor has released iOS 11.2.5 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/en-hk/HT208463
https://www.hkcert.org/my_url/en/alert/18012401
https://www.us-cert.gov/ncas/current-activity/2018/01/23/Apple-Releases-Multiple-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4082
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4085 (to CVE-2018-4090)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4092 (to CVE-2018-4096)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4100