Today Apple released updates for their core products that includes iCloud, Safari, iTunes, macOS Mojave, High Sierra, Sierra, Shortcuts for iOS 2.1.2, tvOS 12.1.1, and of course iOS 12.1.1.
Included in these security updates are numerous code execution, privilege escalations, and information disclosure vulnerabilities. Due to this, if you are the user of any of the above products, you should update them as soon as possible.
iOS 12.1.1 fixes a bug that was discovered at the end of October, the day after iOS 12.1 was released, that allows a user to access a phone's contacts even when iOS was locked. This bug was discovered by security researcher Jose Rodriguez who has a knack for finding these types of bypasses and demonstrates them on YouTube.
Other vulnerabilities that were fixed include remote code execution, information disclosure, escalation of privileges, and denial of service attacks.
Shortcuts is a new feature added to iOS 12 that allows you to create shortcuts that execute multiple commands with one voice command or tap.
This update is Shortcuts for iOS' first one and sadly there is not much to indicate what was fixed if anything. Instead we are greeted with the following statement:
"This update has no published CVE entries. We would like to acknowledge Micah A for their assistance."
Whoever Micah A is, congrats!
Below are the rest of the Apple security updates released today.
Name and information link
|iCloud for Windows 7.9||Windows 7 and later||05 Dec 2018|
|Safari 12.0.2||macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.1||05 Dec 2018|
|iTunes 12.9.2 for Windows||Windows 7 and later||05 Dec 2018|
|macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra||macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.1||05 Dec 2018|
|Shortcuts 2.1.2 for iOS||iOS 12.0 and later||05 Dec 2018|
|tvOS 12.1.1||Apple TV 4K and Apple TV (4th generation)||05 Dec 2018|
|iOS 12.1.1||iPhone 5s and later, iPad Air and later, and iPod touch 6th generation||05 Dec 2018|