Apple has released security updates in its latest iOS version 11.4.1 to fix 22 vulnerabilities identified in various iOS devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted application or visit a malicious website. An attacker with local access may also be able to exploit a kernel vulnerability and disclose the memory.
A successful attack could lead to arbitrary code execution, elevation of privilege, information disclosure, spoofing, sandbox escape or denial of service.
The product vendor has released iOS 11.4.1 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/en-hk/HT208938
https://www.hkcert.org/my_url/en/alert/18071001
https://www.us-cert.gov/ncas/current-activity/2018/07/09/Apple-Releases-Multiple-Security-Updates
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4248
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4260 (to CVE-4267)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4270 (to CVE-4275)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4277
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4278
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4280
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4282
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4284
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4290
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4293