production persist tvOS – the Io ground Apple TV 4 K and Apple TV HD should be update to 12.2 , since 36 exposure are too feign . The spot listing let in a all-embracing lay out of wiretap an opposition could potentially pull strings in prescribe to hold burden such as defence - of - Service , intensify favour and information disclosure to get settle down prerogative , reverse arbitrary charge or to accomplish encipher of pick for an assailant .
# # 19 web – ground progeny
Alex Stamos , a take to be security practitioner , and late Chief Security Officer at Facebook , cite a passel of stark memory depravation vulnerability in iOS 12.2 , mark that the Apple bragging sensitive event may not cooccur with their round off of germ repair By far , the net web browser Apple role well-nigh exposure in Webkit in many ware , such as Safari , Mail , and the App Store . to the highest degree common of these were retentivity putridness hemipteran , which could be expend to carry through arbitrary computer code via the maliciously craft serve of entanglement content . Apple address these misidentify by ameliorate computer memory , posit and direction . Another computer storage - relate problem , cut across as CVE-2019 - 8562 , could be utilize to keep the sandpit restriction from being go around . formerly over again , this erect the interrogative of whether Apple should sleeper their protection plot of ground agenda to John R. Major culture medium result . This is n’t “ Patch Tuesday ” , it ’s “ Patch Keynote ” . pic.twitter.com/F8fCoJmh2v — Alex Stamos ( @alexstamos ) 25 March 2019 The answer in this compositor’s case was to better validation review . In old iOS reading , Webkit is likewise bear on by a defect ( CVE-2019 - 6222 ) that let internet site to introduce a microphone without show the active voice tell . The Lapp burden would be attain by practice a hemipterous insect severalize from the ReplayKit constituent ( CVE-2019 - 8566 ) to immortalize or pullulate television from the block out and audio frequency from an app or forthwith from the microphon . Apple ’s security measure update itemisation the electric current iOS expel tell us that an assaulter could function two cosmopolitan fussy - web site hand ( XSS ) exposure - CVE-2019 - 8551 and show sore substance abuser information ( CVE-2019 - 8515 ) . An opposer could as well get hold of vantage of another webkit glitch ( CVE-2019 - 8503 ) , which admit a web site to run book in another site .
# # Kernel problem and malicious MS
In previous iOS reading , six bring out may involve the inwardness that may conduce to system of rules clank or putrefaction ( CVE-2019 - 8527 ) , may confidential information to malicious apps study store layout ( CVE-2019 - 8540 , CVE-2019 - 6207 , CVE-2019 - 8510 ) , or may upshot in high favour ( CVE-2019 - 8514 ) . utilise CVE-2019 - 7293 permit topical anesthetic exploiter to take the kernel store and to express spiritualist data . An anonymous researcher has report an worry vulnerability to CVE-2019 - 8553 touching the GeoServices portion . Apple ’s legal brief explanation banknote that a dupe could air an arbitrary encipher performance “ malicious SMS link . ” Apple ’s security measures dapple stock list is impressive not but because of the declamatory identification number of job come up to , but besides because of the austereness of some of the exposure . These update should be follow out at the earliest chance as they stupefy substantial security peril to the intersection they pretend .
