Apple

iOS 12 for iPhone, iPad and WatchOS 5 for Apple Watch starts rolling

Apple has finally started rolling out the new iOS 12 to the compatible iPhones and iPhones today. The new iOS 12 comes with tons of new features and performance enhancements as per the iOS 12 changelog. The update is of 1.56GB in size if your device has iOS 11.4.1 but if you have the older version on your phone then this size might exceed 2GB. The users can not update their device via mobile networks and they have to connect to a wifi network to complete this update. The complete changelog of the update is available at the end of this post. You can download the update from your iOS device by navigating to settings>>general>>software update to update your device.

iOS 12 update
iOS 12 update

iOS 12 for iPhones

The new iOS 12 is available for the iPhone 5s and above including iPhone 5S, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone SE, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus and iPhone X while the new iPhone XS, iPhone XS Max, and iPhone XR will run iOS 12 out of the box. iPad Mini 2, 3 and 4, iPad Air, iPad Air 2, iPad 6th and 5th generation, Apple iPad Pro 12.9-inch first and second generation, iPad Pro in 9.7-inches and 10.5-inches and iPod Touch 6th generation are receiving the iOS 12 update. Here is the complete changelog, features and enhancements available from the Apple iOS 12 update screen:

Accounts

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A local app may be able to read a persistent account identifier

Description: This issue was addressed with improved entitlements.

CVE-2018-4322

Bluetooth

Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2018-5383

Core Bluetooth

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2018-4330

CoreMedia

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An app may be able to learn information about the current camera view before being granted camera access

Description: A permissions issue existed. This issue was addressed with improved permission validation.

CVE-2018-4356

IOMobileFrameBuffer

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4335

iTunes Store

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store

Description: An input validation issue was addressed with improved input validation.

CVE-2018-4305

Kernel

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4363

Messages

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A local user may be able to discover a user’s deleted messages

Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions.

CVE-2018-4313

Safari

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A local user may be able to discover websites a user has visited

Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.

CVE-2018-4313

Safari

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A user may be unable to delete browsing history items

Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.

CVE-2018-4329

Safari

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A malicious website may be able to exfiltrate auto-filled data in Safari

Description: A logic issue was addressed with improved state management.

CVE-2018-4307

SafariViewController

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: Visiting a malicious website may lead to address bar spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2018-4362

Security

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm

Description: This issue was addressed by removing RC4.

CVE-2016-1777

Status Bar

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen

Description: A logic issue was addressed with improved restrictions.

CVE-2018-4325: Brian Adeloye

Wi-Fi

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2018-4338

New features in watchOS 5

iTunes Store

Available for: Apple Watch Series 1 and later

Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store

Description: An input validation issue was addressed with improved input validation.

CVE-2018-4305: Jerry Decime

Kernel

Available for: Apple Watch Series 1 and later

Impact: An application may be able to read restricted memory

Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4363

Safari

Available for: Apple Watch Series 1 and later

Impact: A local user may be able to discover websites a user has visited

Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.

CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi – Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor’s University (WGU)

Security

Available for: Apple Watch Series 1 and later

Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm

Description: This issue was addressed by removing RC4.

CVE-2016-1777

New features in tvOS 12

Bluetooth

Available for: Apple TV (4th generation)

Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CVE-2018-5383

iTunes Store

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store

Description: An input validation issue was addressed with improved input validation.

CVE-2018-4305

Kernel

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: An application may be able to read restricted memory

Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.

CVE-2018-4363

Safari

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: A local user may be able to discover websites a user has visited

Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.

CVE-2018-4313

Security

Available for: Apple TV 4K and Apple TV (4th generation)

Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm

Description: This issue was addressed by removing RC4.

CVE-2016-1777

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.