Apple has released security updates in its latest iOS version 12 to fix 15 vulnerabilities identified in various iOS devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted application or visit a malicious website. An attacker may also spoof password prompts or intercept Bluetooth traffic in a privileged network position, discover deleted user information via local access, or bypass security checking with physical access.
A successful attack could lead to arbitrary code execution, information disclosure or spoofing.
The product vendor has released iOS 12 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/kb/HT209106
https://www.hkcert.org/my_url/en/alert/18091801
https://www.us-cert.gov/ncas/current-activity/2018/09/17/Apple-Releases-Multiple-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4322
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4325
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4363
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5383