Apple medicine

Apple has released security updates this week for seven products —macOS, iOS, watchOS, iTunes for Windows, tvOS, iCloud for Windows, and Safari.

Out of all the vulnerabilities patched this week, two stand out, mainly because they affect the kernels of macOS, iOS, watchOS, and tvOS alike.

Two vulnerabilities stand out

The vulnerabilities are CVE-2018-4241 and CVE-2018-4243, both discovered by Google security engineer Ian Beer. Neither Beer nor Apple have released expansive details about these two bugs.

Both issues are buffer overflows in the kernel code that can lead to an attacker executing malicious code within the context of the kernel, giving him full access to a device. But these are all the details currently available.

In fact, Apple is currently still hiding the changelog of the iOS, watchOS, and tvOS security patches in an attempt to allow users to update without giving attackers a clue to what's hiding inside.

Beer is expected to release more details about the two via the Google Project Zero bug tracker next week. In the meantime, users should get patchin'!

Name and information link

 

Available for

Release date

Safari 11.1.1 OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 01 Jun 2018
iCloud for Windows 7.5 Windows 7 and later 01 Jun 2018
macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.4 01 Jun 2018
iOS 11.4 iPhone 5s and later, iPad Air and later, and iPod touch 6th generation 29 May 2018
watchOS 4.3.1 All Apple Watch models 29 May 2018
iTunes 12.7.5 for Windows Windows 7 and later 29 May 2018
tvOS 11.4 Apple TV 4K and Apple TV (4th generation) 29 May 2018

Related Articles:

Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More

WebKit Vulnerability Affects Latest Versions of Apple Safari

Apple Fixes Passcode Bypass, RCE Vulnerabilities, and More in Today's Updates.

Scam iOS Fitness Apps Steal Money Through Apple Touch ID

How a Security Test for DropBox Revealed 3 Apple Zero Day Vulnerabilities