Published on: 11 December 2019
Apple has released iOS 12.4.4, iOS 13.3 and iPadOS 13.3 to fix multiple security vulnerabilities in various Apple devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted application, file, video or malicious website.
A successful attack could lead to information disclosure, arbitrary code execution or elevation of privilege.
Apple has released new versions of operating systems to address the issue:
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://support.apple.com/en-us/HT210785
https://support.apple.com/en-us/HT210787
https://www.us-cert.gov/ncas/current-activity/2019/12/10/apple-releases-multiple-security-updates
https://www.hkcert.org/my_url/en/alert/19121105
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903