Apple has released a security update in its latest iOS version 12.1.1 to fix 20 vulnerabilities identified in various iOS devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted application, email or malicious website. An attacker may also bypass security features with physical access or exploit a vulnerability in a privileged network position
A successful attack could lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure or spoofing.
The product vendor has released iOS 12.1.1 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/kb/HT209340
https://www.us-cert.gov/ncas/current-activity/2018/12/05/Apple-Releases-Multiple-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4429 (to CVE-2018-4431)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4435 (to CVE-2018-4443)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4445 (to CVE-2018-4447)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4460 (to CVE-2018-4461)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4464 (to CVE-2018-4465)