Apple releases security patches to address 100+ vulnerabilities
Apple Inc. has released security patches for its entire software range that address more than 100 vulnerabilities.
The security patches, released alongside a software update that added support for some of Apple’s new services, addressed 51 flaws in iOS, 38 in macOS Mojave, 36 in tvOS, 20 in iCloud for Windows, 20 in Safari, 18 in iTunes for Windows and one in Xcode.
In some cases, the same vulnerability was present in multiple products. With more than 50 security vulnerabilities, the iOS update 12.2 led the pack. The update is available for the iPhone 5s and up, iPad Air and later and the 6th generation iPod touch. The most serious flaw it addressed, CVE-2019-8566, was the so-called eavesdropping flaw.
The ReplayKit API flaw allowed a malicious application to secretly access the microphone on a given iOS-powered device. ReplayKit is a feature built into iOS that lets game developers allow players to record and share gameplay.
Of the other updates, WebKit, the engine behind Apple’s Safari browser, had the highest number of serious vulnerabilities addressed, with 19 listed Common Vulnerabilities and Exposures patched in the update. The biggest one patched in the macOS Mojave update, 10.14.4, was the KeySteal flaw, which could have allowed a malicious app to drain passwords out of Apple’s Keychain password manager.
Gavin Millard, vice president of intelligence at vulnerability management firm Tenable Inc., told SiliconANGLE that all this is “just the tip of the patch iceberg.”
“Already this year we’ve seen in excess of 4,000 vulnerabilities published, on top of the 16,500 published last year,” he said. “Even the largest security team working around the clock would be unable to find and fix every vulnerability as it’s announced and patched – that’s assuming that the patch can be applied, which often it can’t.”
The good news, he said, is that only a tiny proportion of vulnerabilities get weaponized. “Fortunately, for a large portion of the Apple user base, these fixes will be automatically applied overnight or the next time their devices are charged and connected to WiFi,” Millard added.