Updates for iOS and macOS were launched today.

Less than a month after the release of iOS 11.3 and macOS 10.13.4, Apple has announced the release of updates for their flagship operating systems. The update to macOS is a Security Update (2018-001) and is recommended for all users. It improves the security of macOS and includes the following:

Crash Reporter

  • Available for: macOS High Sierra 10.13.4
  • Impact: An application may be able to gain elevated privileges
  • Description: A memory corruption issue was addressed with improved error handling.
  • CVE-2018-4206: Ian Beer of Google Project Zero

LinkPresentation

  • Available for: macOS High Sierra 10.13.4
  • Impact: Processing a maliciously crafted text message may lead to UI spoofing
  • Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
  • CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)

apple update

In addition to macOS’s security update, Safari also received an update to version 11.1 for added security.

WebKit

  • Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved state management.
  • CVE-2018-4200: Ivan Fratric of Google Project Zero

WebKit

  • Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2018-4204: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative, found by OSS-Fuzz

The iOS update is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. It also improves the security of your iPhone or iPad and addresses issues where touch input was unresponsive on some iPhone 8 devices because they were serviced with non-genuine replacement displays. Other improvements include:

Crash Reporter

  • Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
  • Impact: An application may be able to gain elevated privileges
  • Description: A memory corruption issue was addressed with improved error handling.
  • CVE-2018-4206: Ian Beer of Google Project Zero

LinkPresentation

  • Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
  • Impact: Processing a maliciously crafted text message may lead to UI spoofing
  • Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
  • CVE-2018-4187: Zhiyang Zeng (@Wester) of Tencent Security Platform Department, Roman Mueller (@faker_)

WebKit

  • Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved state management.
  • CVE-2018-4200: Ivan Fratric of Google Project Zero

WebKit

  • Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved memory handling.
  • CVE-2018-4204: Richard Zhu (fluorescence) working with Trend Micro’s Zero Day Initiative, found by OSS-Fuzz

Read more about these updates by visiting https://support.apple.com/en-us/HT201222.

NOTE: All these updates may not be avaiable to you quite yet as Apple is rolling them out throughout the day. 

Advertisements

Pin It on Pinterest

Share This