Apple Releases Multiple Security Updates

Apple has released security updates for Safari 12, tvOS 12, watchOS 5, and Apple support 2.4 for iOS. As these updates are security updates, it is important to apply them to all devices that are affected. Some of these vulnerabilities allow the attacker to take control of the affected system if exploited.

You can view Apple’s product security page for more information from this link.

 

Safari 12

A malicious website may be able to exfiltrate auto-filled data in Safari.
  • Updates available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
  • Description: A logic issue was addressed with improved state management
  • CVE-2018-4307

 

A user may be unable to delete browsing history items.
  • Updates available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
  • Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion
  • CVE-2018-4329

 

Visiting a malicious website by clicking a link may lead to user interface spoofing.
  • Updates available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
  • Description: An inconsistent user interface issue was addressed with improved state management
  • CVE-2018-4195

 

tvOS 12

An attacker in a privileged network position may be able to intercept Bluetooth traffic.
  • Updates available for: Apple TV (4th generation)
  • Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation
  • CVE-2018-5383

 

  • Updates available for: Apple TV 4K and Apple TV (4th generation)
  • Description: An input validation issue was addressed with improved input validation
  • CVE-2018-4305

 

An application may be able to read restricted memory.
  • Updates available for: Apple TV 4K and Apple TV (4th generation)
  • Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation
  • CVE-2018-4363

 

A local user may be able to discover the websites a user has visited.
  • Updates available for: Apple TV 4K and Apple TV (4th generation)
  • Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots
  • CVE-2018-4313

 

An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm.
  • Updates available for: Apple TV 4K and Apple TV (4th generation)
  • Description: This issue was addressed by removing RC4
  • CVE-2016-1777

 

watchOS 5

An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store.
  • Updates available for: Apple Watch Series 1 and later
  • Description: An input validation issue was addressed with improved input validation
  • CVE-2018-4305

 

An application may be able to read restricted memory.
  • Updates available for: Apple Watch Series 1 and later
  • Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation
  • CVE-2018-4363

 

A local user may be able to discover the websites a user has visited.
  • Updates available for: Apple Watch Series 1 and later
  • Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.
  • CVE-2018-4313

 

An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm.
  • Updates available for: Apple Watch Series 1 and later
  • Description: This issue was addressed by removing RC4
  • CVE-2016-1777

 

Apple support 2.4 for iOS

An attacker in a privileged network position may be able to intercept analytics data sent to Apple.
  • Update available for: iOS 11.0 and later
  • Description: Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS
  • CVE-2018-4397

 

 

If you found this post helpful, share it to your friends!

About the author

PC Rookies is a one-man-project to offer basic information about computers. The writer is studying computer sciences and a computer hobbyist.

Leave A Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.