SECURITY
Apple Inc. has released security patches for its entire software range that address more than 100 vulnerabilities.
The security patches, released alongside a software update that added support for some of Apple’s new services, addressed 51 flaws in iOS, 38 in macOS Mojave, 36 in tvOS, 20 in iCloud for Windows, 20 in Safari, 18 in iTunes for Windows and one in Xcode.
In some cases, the same vulnerability was present in multiple products. With more than 50 security vulnerabilities addressed, the iOS 12.2 update led the pack. The update is available for the iPhone 5s and up, iPad Air and later and the 6th generation iPod touch. The most serious flaw it addressed, CVE-2019-8566, was the so-called eavesdropping flaw.
The ReplayKit API flaw allowed a malicious application to secretly access the microphone on a given iOS-powered device. ReplayKit is a feature built into iOS that allows game developers to let players record and share gameplay.
Of the other updates, WebKit, the engine behind Apple’s Safari browser, had the highest number of serious vulnerabilities addressed, with 19 listed Common Vulnerabilities and Exposures patched in the update. The biggest flaw patched in the macOS Mojave update, 10.14.4, was the KeySteal flaw, which could have allowed a malicious app to drain passwords out of Apple’s Keychain password manager.
Gavin Millard, vice president of intelligence at vulnerability management firm Tenable Inc., told SiliconANGLE that all this is “just the tip of the patch iceberg.”
“Already this year we’ve seen in excess of 4,000 vulnerabilities published, on top of the 16,500 published last year,” he said. “Even the largest security team working around the clock would be unable to find and fix every vulnerability as it’s announced and patched – that’s assuming that the patch can be applied, which often it can’t.”
The good news, he said, is that only a tiny proportion of vulnerabilities get weaponized. “Fortunately, for a large portion of the Apple user base, these fixes will be automatically applied overnight or the next time their devices are charged and connected to WiFi,” Millard added.