Apple releases iOS 12.1.3 with some security fixes
Apple has announced the availability of iOS 12.1.3. The update for iPhones and iPads fixes security vulnerabilities in the operating system, including kernel, WebKit, and FaceTime. macOS, tvOS and watchOS will also receive updates.
Apple publishes the list of vulnerabilities that version 1.3 of iOS 12 should fix, divided into 23 topics. For example, two vulnerabilities were found related to CoreAnimation, which made it possible for malicious apps to read shielded memory and escape the sandbox.
Google’s Project Zero found a buffer overflow issue with FaceTime, which allowed attackers to initiate a FaceTime call and then execute arbitrary code. iOS 12.1.3 closes several vulnerabilities in the OS kernel. Those vulnerabilities made it possible, among other things, to execute code with elevated privileges and read and modify memory shared by processes.
Google Project Zero, Qihoo 360 Nirvan Team, and Trend Micro’s Zero Day Initiative also found multiple vulnerabilities in WebKit, which included the ability to execute arbitrary code by luring iPhone and iPad users to specially developed malicious sites.
In addition, macOS Mojave 10.14.2, watchOS 5.1.3 and tvOS 12.1.2 also came with some bug fixes.