Apple released security updates that address vulnerabilities in multiple products, to include iOS, macOS, Safari, watchOS, tvOS and Apple TV Software. Additional mitigations for speculative execution vulnerabilities in Intel CPUs or “Spectre” were also included in the latest macOS update.
The latest Apple iOS 12.3 update fixes 42 vulnerabilities and numerous other bugs in AppleFileConduit, Contacts, CoreAudio, Disk Images, Kernel, Lock Screen, Mail, Mail Message Framework, MobileInstallation, MobileLockdown, Photos Storage, SQLite, Status Bar, StreamingZip, sysdiagnose and Wi-Fi.
The iOS Webkit updates address half or 21 of the iOS vulnerabilities in total, to include 20 memory corruption bugs that could result in arbitrary code execution. One of the fixed iOS kernel vulnerabilities CVE-2019-8607 could result in disclosure of process memory.
Apple also provided updates for Mac operating systems to include: macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra.
It is also noteworthy that Apple released additional mitigations for speculative execution vulnerabilities in Intel CPUs, which were also included in the Mojave 10.14.5 security update. The Mohave upgrade also includes security update for Safari to protect against Spectre.
“This update prevents exploitation of these vulnerabilities via JavaScript or as a result of navigating to a malicious website in Safari,” Apple noted in the advisory.
The list of other Apple products updated include:
Users and organizations should update their Apple devices as soon as possible.