Apple heeft enkele dagen geleden versie 18.2.1 van iOS uitgebracht. In iOS 18, dat geschikt is voor alle modellen waarop ook iOS 17 draait, is het onder meer mogelijk het beginscherm aan te passen, is er ondersteuning voor Rich Communication Services, heeft het bedieningspaneel een opfrisbeurt gekregen en is de fotoapp vernieuwd. Verder is er een wachtwoordmanager en kunnen apps worden verborgen of worden afgeschermd. In deze update treffen we enkele niet nader gespecificeerde bugfixes en zijn de volgende beveiligingsproblemen verholpen:
AppleMobileFileIntegrityAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: A malicious app may be able to access private informationDescription: The issue was addressed with improved checks.CVE-2024-54526: Mickey Jin (@patch1t), Arsenii Kostromin (0x3c3e)
AppleMobileFileIntegrityAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: This issue was addressed with improved checks.CVE-2024-54527: Mickey Jin (@patch1t)
AudioAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: Muting a call while ringing may not result in mute being enabledDescription: An inconsistent user interface issue was addressed with improved state management.CVE-2024-54503: Micheal Chukwu and an anonymous researcher
Crash ReporterAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: An app may be able to access sensitive user dataDescription: A permissions issue was addressed with additional restrictions.CVE-2024-54513: an anonymous researcher
FontParserAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted font may result in the disclosure of process memoryDescription: The issue was addressed with improved checks.CVE-2024-54486: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative
ImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted image may result in disclosure of process memoryDescription: The issue was addressed with improved checks.CVE-2024-54500: Junsung Lee working with Trend Micro Zero Day Initiative
KernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: An attacker may be able to create a read-only memory mapping that can be written toDescription: A race condition was addressed with additional validation.CVE-2024-54494: sohybbyk
KernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: An app may be able to leak sensitive kernel stateDescription: A race condition was addressed with improved locking.CVE-2024-54510: Joseph Ravichandran (@0xjprx) of MIT CSAIL
KernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: An app may be able to cause unexpected system termination or corrupt kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2024-44245: an anonymous researcher
libexpatAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: A remote attacker may cause an unexpected app termination or arbitrary code executionDescription: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.CVE-2024-45490
libxpcAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: An app may be able to break out of its sandboxDescription: The issue was addressed with improved checks.CVE-2024-54514: an anonymous researcher
libxpcAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: An app may be able to gain elevated privilegesDescription: A logic issue was addressed with improved checks.CVE-2024-44225: 风沐云烟(@binary_fmyy)
PasswordsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: An attacker in a privileged network position may be able to alter network trafficDescription: This issue was addressed by using HTTPS when sending information over the network.CVE-2024-54492: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)
SafariAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the websiteDescription: The issue was addressed with improved routing of Safari-originated requests.CVE-2024-44246: Jacob Braun
SceneKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to a denial of serviceDescription: The issue was addressed with improved checks.CVE-2024-54501: Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
VoiceOverAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: An attacker with physical access to an iOS device may be able to view notification content from the lock screenDescription: The issue was addressed by adding additional logic.CVE-2024-54485: Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India
WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to an unexpected process crashDescription: The issue was addressed with improved checks.WebKit Bugzilla: 278497CVE-2024-54479: Seunghyun LeeWebKit Bugzilla: 281912CVE-2024-54502: Brendon Tiszka of Google Project Zero
WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to an unexpected process crashDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 282180CVE-2024-54508: linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang of Tencent Security YUNDING LAB
WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to memory corruptionDescription: A type confusion issue was addressed with improved memory handling.WebKit Bugzilla: 282661CVE-2024-54505: Gary Kwong
WebKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and laterImpact: Processing maliciously crafted web content may lead to memory corruptionDescription: The issue was addressed with improved memory handling.WebKit Bugzilla: 277967CVE-2024-54534: Tashita Software Security
Source: Tweakers.net