Apple just launched iOS 12.2, updating its operating system to correct a total of 51 security vulnerabilities that impacted on iPhone 5s and later models, iPad Air and later models and iPod Touch sixth generation, reported experts from the best ethical hacking institute, besides the International Institute of Cyber Security (IICS).
As reported, most of the vulnerabilities patched by Apple reside on the Web Rendering Engine Webkit, used by multiple applications and web browsers executable in the operating system of the company.
According to the experts from the best ethical hacking institute, with just opening any kind of vulnerable content based on WebKit, users could be exposed to arbitrary code execution, confidential information leaking, sandbox environment bypassing or XSS attacks.
Among the corrected WebKit vulnerabilities is listed CVE-2019-6222, a security issue that allows malicious websites to enable the microphone of the compromised iOS device without showing signs of this action. A similar vulnerability (CVE-2019-8566) was corrected in the Apple ReplayKit API, which could allow a malicious application to access the iOS device’s microphone without the user noticing.
The company also corrected a critical flaw in WebKit. According to the vulnerability report (tracked as CVE-2019-8503), this would have allowed a malicious websites to run scripts in the context of another site, thus making it possible to extract information stored on other sites, as well as to deploy dangerous variants of attacks.
Experts from the best ethical hacking institute mention that, in addition to the issues with WebKit, a critical vulnerability was also corrected in previous versions of the Apple operating system that could lead to arbitrary code execution through malicious links embedded in SMS messages.
Apple corrected a total of six vulnerabilities in the iOS kernel. One of these flaws (CVE-2019-8527) would have enabled hackers to block systems or damage kernel memory remotely. Another critical vulnerability (CVE-2019-8514) could have been exploited to perform privilege escalations, among other malicious actions.