Security Alert (A18-04-02): Multiple Vulnerabilities in Apple iOS


 

Published on: 03 April 2018

  
  

Description:

On 29 March 2018, Apple released security updates in its latest iOS version 11.3 to fix 44 vulnerabilities identified in various iOS devices. These vulnerabilities could be exploited by physical access, or enticing a user to open a specially crafted application or access a malicious website.

 

Affected Systems:

  • iPhone 5s and later
  • iPad Air and later
  • iPod touch (6th generation)

 

Impact:

A successful attack could lead to arbitrary code execution, elevation of privilege, denial of service, devices restart, spoofing or information disclosure.

 

Recommendation:

The product vendor has released iOS 11.3 to address the issues.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://support.apple.com/en-hk/HT208693
https://www.hkcert.org/my_url/en/alert/18040301
https://www.us-cert.gov/ncas/current-activity/2018/03/29/Apple-Releases-Multiple-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4101
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4104
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4110
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4113 (to CVE-2018-4115)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4117 (to CVE-2018-4123)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4125
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4127 (to CVE-2018-4131)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4134
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4137
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4140
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4142 (to CVE-2018-4144)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4146
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4148 (to CVE-2018-4151)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4154 (to CVE-2018-4158)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4161 (to CVE-2018-4163)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4165 (to CVE-2018-4168)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4172
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4174

 



Tag: Apple , iOS , iPad , iPhone , iPod
Tags