Products running tvOS, the iOS-based Apple TV 4K and Apple TV HD, should be updated to 12.2, since 36 vulnerabilities affect them as well. The patch list includes a broad range of bugs an adversary could potentially leverage to get results such as denial of service, privilege escalation and information disclosure, to gain root privileges, to overwrite arbitrary files, or to run code of the attacker's choice.
## 19 web-based issues
Alex Stamos, a reputed security practitioner and former Chief Security Officer at Facebook, pointed to a lot of severe memory corruption vulnerabilities in iOS 12.2 and questioned whether Apple's big media events should coincide with its schedule for patching holes.

> Once again, this raises the question of whether Apple should tie their security patch schedule to major media events. This isn't "Patch Tuesday", it's "Patch Keynote". pic.twitter.com/F8fCoJmh2v
> — Alex Stamos (@alexstamos) 25 March 2019

The vulnerabilities are in WebKit, the web browser engine Apple uses in many products, such as Safari, Mail, and the App Store. The most common of these were memory corruption bugs, which could be used to execute arbitrary code through the processing of maliciously crafted web content. Apple addressed these flaws by improving memory handling, state and management.

Another memory-related problem, tracked as CVE-2019-8562, could be used to circumvent sandbox restrictions. The solution in this case was to improve validation checks.

In previous iOS versions, WebKit is also affected by a flaw (CVE-2019-6222) that allows websites to access the microphone without indicating the active state. The same result could be achieved by using a separate bug in the ReplayKit component (CVE-2019-8566) to record or stream video from the screen and audio from an app or directly from the microphone.

Apple's security update list for the current iOS release tells us that an attacker could use two universal cross-site scripting (XSS) vulnerabilities, including CVE-2019-8551, and read sensitive user data (CVE-2019-8515). An adversary could also take advantage of another WebKit bug (CVE-2019-8503), which allows a website to run scripts in the context of another website.
## Kernel problems and malicious SMS
In previous iOS versions, six issues may affect the kernel: they may lead to a system crash or corruption (CVE-2019-8527), may let malicious apps read the memory layout (CVE-2019-8540, CVE-2019-6207, CVE-2019-8510), or may result in elevated privileges (CVE-2019-8514). CVE-2019-7293 allows local users to read kernel memory and extract sensitive information.

An anonymous researcher reported an interesting vulnerability, CVE-2019-8553, affecting the GeoServices component. Apple's brief explanation notes that a "malicious SMS link" could lead to arbitrary code execution against a victim.

Apple's security patch inventory is notable not only because of the large number of problems addressed, but also because of the severity of some of the vulnerabilities. These updates should be installed at the earliest opportunity, as the vulnerabilities pose significant security risks to the products they affect.