Apple released security updates that address vulnerabilities in multiple products, to include iOS, macOS, Safari, watchOS, and tvOS software. Additional mitigations for speculative execution vulnerabilities in Intel CPUs or “Spectre” were also included in the latest macOS update.
The latest Apple iOS 12.4 update fixes 37 vulnerabilities and numerous other bugs in Core Data, FaceTime, Found in Apps, Foundation, Heimdal, libxslt, Messages, Profiles, Quick Look, Siri, Telephony, UIFoundation, Wallet, and WebKit.
The iOS Webkit updates address 22 of the iOS vulnerabilities in total, to include 19 memory corruption bugs that could result in arbitrary code execution. One of the fixed Wallet vulnerabilities CVE-2019-8682 could allow a user to inadvertently complete an in-app purchase while on the lock screen.
Apple also provided updates for Mac operating systems to include: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.5. These updates address 40 bugs in total.
In addition, the company patched multiple vulnerabilities with the release of Safari 12.1.2. The browser update is available for macOS Sierra 10.12.6, macOS High Sierra 10.13.6 and macOS Mojave 10.14.6
The list of other Apple products updated (with security updates) include:
- iCloud for Windows 10.6 (Windows 10)
- iCloud for Windows 7.13 (Windows 7 and later)
- iTunes 12.9.6 for Windows
- tvOS 12.4
- watchOS 5.3
Users and organizations should update their Apple devices as soon as possible.