Security Alert (A19-09-07): Multiple Vulnerabilities in Apple devices


 

Published on: 27 September 2019

Last update on: 30 September 2019

  
  

Description:

Apple has released iOS 12.4.2, iOS 13.1 and iPadOS 13.1 to fix multiple security vulnerabilities in various Apple devices. These vulnerabilities could be exploited by sending malicious craft messages, enticing a user to open a specially crafted file or website, or bypassing the lock screen with physical access.

 

Please note that Apple has released iOS 13.1.1 and iPadOS 13.1.1 to include another fix on the security vulnerability (CVE-2019-8779). Successful exploitation of the vulnerability could potentially allow third-party app extensions to break sandbox restrictions and gain full access of device functions and resources without user permission. Users are advised to upgrade the affected Apple devices to the latest operating systems.

 

Affected Systems:

  • iPhone 5s and later
  • iPad Air and later, mini 2 and later
  • iPod touch (6th generation) and later

 

Impact:

A successful attack could lead to information disclosure, arbitrary code execution, unexpected application termination, spoofing or security restrictions bypass.

 

Recommendation:

Apple has released new versions of operating systems to address the issue:

  • iOS 12.4.2 for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPad touch 6th generation
    https://support.apple.com/en-hk/HT210590

  • iOS 13.1 and iPadOS 13.1 for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation
    https://support.apple.com/en-hk/HT210603

The updates can be obtained through the auto-update mechanism.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://support.apple.com/en-hk/HT210590
https://support.apple.com/en-hk/HT210603
https://support.apple.com/en-hk/HT210606
https://support.apple.com/en-us/HT210613
https://support.apple.com/en-us/HT210624
https://www.hkcert.org/my_url/en/alert/19092702
https://www.us-cert.gov/ncas/current-activity/2019/09/25/apple-releases-security-updates
https://www.us-cert.gov/ncas/current-activity/2019/09/27/apple-releases-security-updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8674
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8779

 



Tag: Apple , iOS , iPhone , iPad , iPod , iPadOS
Tags