On 24 April 2018, Apple released security updates in its latest iOS version 11.3.1 to fix 4 vulnerabilities identified in various iOS devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted text message, application or access a malicious website.
A successful attack could lead to arbitrary code execution, elevation of privilege or spoofing.
The product vendor has released iOS 11.3.1 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/en-hk/HT208743
https://www.hkcert.org/my_url/en/alert/18042501
https://www.us-cert.gov/ncas/current-activity/2018/04/24/Apple-Releases-Multiple-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4187
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4200
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4204
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4206