Apple has released security updates in its latest iOS version 11.4 to fix 35 vulnerabilities identified in various iOS devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted file, email, text message, and application or visit a malicious website. Attackers may also spoof password prompts in a privileged network position or bypass security checking with physical access.
A successful attack could lead to arbitrary code execution, elevation of privilege, information disclosure, spoofing or denial of service.
The product vendor has released iOS 11.4 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/en-hk/HT208848
https://www.hkcert.org/my_url/en/alert/18060401
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4100
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4188
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4190
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4192
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4198
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4199
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4201
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4202
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4204
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4211
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4214
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4215
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4218
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4121 (to CVE-4227)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4232
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4233
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4235
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4237 (to CVE-4241)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4243
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4244
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4246
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4247
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4249
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4250
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4252