Apple has released a security update in its latest iOS version 12.1.3 to fix 31 vulnerabilities identified in various iOS devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted application, FaceTime call, message or malicious website. An attacker may also exploit a Bluetooth vulnerability in a privileged network position.
A successful attack could lead to arbitrary code execution, cross site scripting, escalation of privileges, information disclosure or security restriction bypass.
The product vendor has released iOS 12.1.3 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/kb/HT209443
https://www.hkcert.org/my_url/en/alert/19012301
https://www.us-cert.gov/ncas/current-activity/2019/01/22/Apple-Releases-Multiple-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6202
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6206
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6208 (to CVE-2019-6219)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6224 (to CVE-2019-6231)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6233 (to CVE-2019-6235)