Security Alert (A19-10-09): Multiple Vulnerabilities in Apple iOS and iPadOS

Description:

Apple has released iOS 13.2 and iPadOS 13.2 to fix multiple security vulnerabilities in various Apple devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted application, iBook file or website.

Affected Systems:

• iPhone 6s and later
• iPad Air 2 and later, mini 4 and later
• iPod touch 7th generation

Impact:

A successful attack could lead to information disclosure, arbitrary code execution, elevation of privilege, spoofing or security restrictions bypass.

Recommendation:

Apple has released iOS 13.2 and iPadOS 13.2 to address the issues.

The updates can be obtained through the auto-update mechanism.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://support.apple.com/en-us/HT210721
https://www.hkcert.org/my_url/en/alert/19103002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7152
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8782 (to CVE-2019-8789)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8793 (to CVE-2019-8795)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8798
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8803
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8804
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8811 (to CVE-2019-8816)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8819 (to CVE-2019-8823)