    Apple Secures iOS and macOS With New Updates

    Written by

    Sean Michael Kerner
    Published March 26, 2019

      Hidden behind Apple’s big day of services announcements on March 25 with new TV, news and future credit card services was an item of more immediate importance to most Apple users—a set of critical security updates.

      Apple updated its iOS mobile operating system to version 12.2 and its macOS Mojave desktop operating system to version 10.14.4, fixing numerous vulnerabilities that could have potentially exposed users to risk. Among the risks are flaws that could enable privilege escalation, information disclosure and arbitrary code execution.

      Noticeably absent from the list of fixed vulnerabilities were new issues disclosed on March 20 at the Pwn2Own security contest. Researchers at that event were able to publicly demonstrate new zero-day flaws in Apple’s Safari web browser running on macOS. Though the flaws were demonstrated at the event, the full vulnerability details have been kept under wraps and were privately disclosed to Apple.

      The new Apple software releases are the first since Apple released the iOS 12.1.4 and macOS Mojave 10.14.3 updates on Feb. 8, which patched a critical FaceTime vulnerability. Apple’s live messaging service has come under intense scrutiny in 2019 as researchers have uncovered multiple security issues. In the new iOS 12.2 and macOS Mojave 10.14.4 updates, there is yet another FaceTime flaw (CVE-2019-8550) that is being patched, though the new issue isn’t quite as impactful as past issues, which enabled attackers to activate a user’s camera without user knowledge.

      “A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing,” the Apple advisory for CVE-2019-8550 states.

      Siri Dictation Vulnerability

      While FaceTime has been patched in the past for issues related to potential snooping with unauthorized access to a user’s camera or microphone, several troublesome issues of a similar nature were patched in the new iOS and macOS Mojave updates. Among them is an issue with Siri.

      Apple’s Siri voice personal assistant is supposed to only activate when the local user initiates a request with the “Hey Siri” command. The CVE-2019-8502 vulnerability, however, is a flaw with Siri that should concern Apple users.

      “A malicious application may be able to initiate a Dictation request without user authorization,” Apple warned in its advisory.

      The CVE-2019-8502 issue was reported to Apple by researchers working at North Carolina State University and University Politehnica in Bucharest, Romania. According to Apple, an API issue existed in the handling of dictation requests, which has now been addressed with improved validation.

      The Siri dictation flaw isn’t the only issue Apple is patching this month that involves unauthorized access to a user’s device microphone. Apple is also patching the CVE-2019-8566 issue in the ReplayKit framework, which enables users to record video and audio from apps.

      “A malicious application may be able to access the microphone without indication to the user,” Apple warned in its advisory for CVE-2019-8566.

      Feedback Flaws

      Among the more interesting flaws fixed in the new Apple updates are a pair of flaws (CVE-2019-8521, CVE-2019-8565) that were reported to Apple by a researcher using the alias “CodeColorist” of Ant-Financial LightYear Labs. The flaws involve what is generally thought to be an innocuous element of any operating system—a feedback assistant for sending feedback to a developer. 

      With the CVE-2019-8521 issue, Apple warned that a malicious application may be able to overwrite arbitrary files. The CVE-2019-8565 flaw on the other hand could have potentially enabled a malicious application to gain root privileges.

      Beware of Malicious SMS Links

      The issue of potentially malicious SMS text message links is one that Apple and other cellular device vendors have dealt with in recent years. In the iOS 12.2 update, Apple is fixing a vulnerability (CVE-2019-8553) in its GeoServices library that impacts SMS.

      “Clicking a malicious SMS link may lead to arbitrary code execution,” Apple warned.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
