Apple has released its January security updates fixing a list of common CVE flaws affecting iOS and macOS with Safari, watchOS, tvOS and Windows iCloud smattering.
This latest version fixes the iPhone 5s and later sizable list of CVEs and iPad and iPod Touch 6th Generation. Almost all external researchers reported to Apple.
CVE-2019-6200, Bluetooth remote code execution (RCE) and CVE-2019-6224, another RCE that an attacker could exploit via FaceTime.
Another nine CVEs, including CVE-2019-6229, are fixed for the WebKit browser engine, which could allow cross-site scripting through a malicious web page.
Six CVEs account for kernel-level flaws, all of which would allow an attacker to sneak a malicious app past Apple to raise privileges, break out of the sandbox or execute malicious code.
The update should appear without intervention or by clicking Settings> General > Software Update you can check it manually.
Most of the CVEs mentioned in the iOS v12.1.3 update, including those for BlueTooth, FaceTime, WebRTC, CoreAnimation, SQLite, IOKit and those affecting the kernel, are also known as Security Update 2019-001 for Sierra and High Sierra. Specific to macOS Sierra / High Sierra are CVE-2018-4452, an RCE weakness affecting the Intel graphics driver, and CVE-2018-4467, which could give rise to a privilege problem affecting the hypervisor of the operating system.
CVE-2019-6220, an out – of-bound flaw in QuartzCore that could allow an attacker to read limited memory, affects all versions. System Preferences > Software Update can initiate updating. If you haven’t clicked the box marked, keep my Mac up to date automatically, it might be a good idea to do that now.
Finally, Apple’s update would not be complete without something for Safari that gets CVE-2019-6228, fixing a cross-site scripting vulnerability with better URL validation in the Reader browser.
ICloud updates for Windows (v7.10), watchOS (v5.1.3) and TVOS (v12.1.2) are also available.