Apple has released a new round of security updates for iOS 12 and iCloud that resolve numerous vulnerabilities. For iOS, these updates resolve two passcode bypasses and for iCloud there are numerous, including critical, vulnerabilities that were fixed.
Included in this update are also fixes for the charging and WiFi bugs that users of the new iPhone XS have been experiencing.
With the release of iOS 12.0.1, Apple fixed two vulnerabilities, one in QuickLook and the other in VoiceOver, that would allow you to bypass the iOS lock screen and see contacts, photos, emails, and telephone numbers. Both of these vulnerabilities were discovered by security researcher Jose Rodriguez, who demonstrated how to perform them in two YouTube videos.
Exploiting these vulnerabilities require a lot of steps, access to the phone, and from the videos, are not easy tasks to perform. You can see Rodriguez performing one of the vulnerabilities in the video below.
These vulnerabilities have been assigned CVE IDs CVE-2018-4380 and CVE-2018-4379. .
With the release of iCloud for Windows 7.7.12, Apple patches 19 security vulnerabilities, with 13 of them being the most critical as they allow arbitrary code execution. Code execution vulnerabilities are the most dangerous as they allow attackers to execute commands on a device remotely.
These vulnerabilities were assigned the following CVE IDs: CVE-2018-4191, CVE-2018-4311, CVE-2018-4316, CVE-2018-4299, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4319, CVE-2018-4309, CVE-2018-4197, CVE-2018-4306, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4317, CVE-2018-4318, CVE-2018-4345, and CVE-2018-4361.