Published on: 31 October 2018
Apple has released security updates in its latest iOS version 12.1 to fix 31 vulnerabilities identified in various iOS devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted video file, virtual contact file, text message, email, photo, or malicious website. An attacker may also bypass security features with physical access.
A successful attack could lead to arbitrary code execution, denial of service, escalation of privileges, cross-site scripting, information disclosure or spoofing.
The product vendor has released iOS 12.1 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/kb/HT209192
https://www.hkcert.org/my_url/en/alert/18103101
https://www.us-cert.gov/ncas/current-activity/2018/10/30/Apple-Releases-Multiple-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4365 (to CVE-2018-4369)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4371 (to CVE-2018-4378)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4384 (to CVE-2018-4388)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4390 (to CVE-2018-4392)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4394
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4398
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4400
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4420
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4427