Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

iOS 12.2 update addresses some troubling vulnerabilities

This week Apple released iOS 12.2 to address 51 security vulnerabilities in the popular mobile operating system running on iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. Most of the flaws affect the web rendering engine WebKit, an attacker could trick victims into opening a maliciously crafted web content to […]

iOS 12.2 update addresses some troubling vulnerabilities

This week Apple released iOS 12.2 to address 51 security vulnerabilities in the popular mobile operating system running on iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.

Most of the flaws affect the web rendering engine WebKit, an attacker could trick victims into opening a maliciously crafted web content to execute arbitrary code, disclose sensitive user information, bypass sandbox restrictions, or launch universal cross-site scripting attacks on the device.

The WebKit vulnerability tracked as CVE-2019-6222 could be exploited by an attacker to set up a malicious website to potentially access an iOS device microphone without the “microphone-in-use” indicator being shown.

“A website may be able to access the microphone without the microphone use indicator being shown” reads the security advisory published by Apple.

“A consistency issue was addressed with improved state handling.”

Another flaw in WebKit, tracked as CVE-2019-8503, could be exploited to execute scripts in the context of another site.

Another troubling issues is a ReplayKit API bug, tracked as CVE-2019-8566, that could be exploited by a malicious application to access the microphone on vulnerable devices.

A malicious application may be able to access the microphone without indication to the user.” reads the advisory published by Apple.

“An API issue existed in the handling of microphone data. This issue was addressed with improved validation.”

Apple also fixed a critical vulnerability (CVE-2019-8553) in earlier iOS versions that could lead to arbitrary code execution just by tricking victims into clicking a malicious SMS link.

The CVE-2019-8553 flaw affects iPhone 5s and later, iPad Air and later, and iPod touch 6th generation devices.

Apple addressed a total of six vulnerabilities in iOS kernel. The CVE-2019-8527 flaw could be exploited by a remote attacker to cause the unexpected termination of the system or corrupt kernel memory, while the CVE-2019-8514 flaw could be exploited to elevate privileges.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Apple, iOS 12.2)

[adrotate banner=”5″]

[adrotate banner=”13″]