On Monday the giant firm Apple released the IOS 12.2 patch which consists of a total of 51 security vulnerabilities in its mobile operating system. These vulnerabilities affect the system of iPhone 5s, iPad Air and iPod touch 6th generation. The majority of these vulnerabilities if Apple patches that have come to the forefront this month resides mainly in its web rendering engine Webkit.
This web rendering engine of Apple is used by many apps as well as web browsers that are running on Apple’s operating system.
As per the statements of the advisory of Apple opening on maliciously crafted web content by using any of the vulnerable Webkit based application would make it easy for the remote attackers to launch their attack on the web browsers and operating system. Opening up a maliciously crafted web content gives the web hackers access to execute the arbitrary codes, bypass the sandbox restrictions, launch a universal cross-site scripting attack on the Apple devices or even disclose the sensitive user information.
A consistency issue CVE-2019-6222, contained amongst the Webkit vulnerabilities allows the various malicious websites to potentially gain access to an iOS device microphone without even the microphone-on-use indicator being shown on the device. A similar kind of vulnerability CVE-2019-8566 has been patched up in Apple’s Replay kit API that allows a malicious application to gain its access to the microphone of the iOS device without even alerting its user.
Along with these vulnerabilities, Apple has also patched up a serious logical bug that had been haunting its operating system. This logical bug CVE-2019-8503 in the Webkit that would have allowed the malicious websites to execute specific scripts in the operating system in the context of another site. This allows hackers to steal user information stored on other sites or even launch a wide range of online attacks.
