Apple Rolls Out iOS, macOS Updates That Fix Serious Flaws

Today’s topics include Apple fixing passcode and remote code execution flaws in iOS and macOS, and Microsoft open sourcing Windows Presentation Framework, Windows Forms and Windows UI XAML Library.

Apple released last week various updates to its desktop and mobile operating systems, including OS 12.1.1, macOS Mojave 10.14.2 and Safari 12.0.2. The bugs fixed include privilege escalation, arbitrary code execution, memory corruption and denial-of-service flaws.

In iOS 12.1.1, one major issue that Apple patched was a passcode bypass with the FaceTime conferencing application, allowing attackers to view contacts from the lock screen. Also in the iOS update is a patch for a flaw in the File Provider capability that could have enabled unauthorized information disclosure.

Another patched flaw, which was located in both macOS and iOS, kept users of Safari from fully delete browsing history. On macOS, Apple fixed multiple arbitrary code execution and information disclosure issues, including three in the Apple Kernel component, one in IOHIDFamily and one in Disk Images.

Microsoft announced at last week’s Windows Connect developers conference that Windows Presentation Framework, Windows Forms and Windows UI XAML Library will now have their code contributed as open-source projects.

According to Kevin Gallo, corporate vice president of the Windows Developer Platform, the moves provide transparency between the product team and the community, help democratize Windows development, and enable the community to engage and contribute to the code.

Also unveiled at the conference was Microsoft’s .NET Core 3 Preview 1 code, which adds support for building apps using Windows Presentation Framework, Windows Forms and XAML Islands.