The patch list includes a wide range of bugs an adversary could potentially exploit in order to get effects such as denial of service, escalation of privileges and information disclosure, to gain root privileges, overwrite arbitrary files, or execute code of the attacker's choice. The tvOS product line (the iOS-based Apple TV 4K and Apple TV HD) should be updated to 12.2, since 36 vulnerabilities also affect it.
19 web-based issues
Alex Stamos, a well-known security practitioner and former Chief Security Officer at Facebook, mentioned a bunch of serious memory corruption vulnerabilities in iOS 12.2, noting that Apple’s big media event may not coincide with their round of bug fixes. By far the most vulnerabilities are in WebKit, the web browser engine Apple uses in many products, such as Safari, Mail, and the App Store. In earlier iOS versions, WebKit is also affected by a bug (CVE-2019-6222) that allows websites to access the microphone without indicating the active state. Apple’s security update list for the current iOS release tells us that an attacker could use two universal cross-site scripting (XSS) vulnerabilities - CVE-2019-8551 and show sensitive user data (CVE-2019-8515). The same outcome could be achieved by using a bug reported in the ReplayKit component (CVE-2019-8566) to record or stream video from the screen and audio from an app or directly from the microphone. The solution in this case was to improve validation checks. Another memory-related problem, tracked as CVE-2019-8562, could be used to bypass the sandbox restrictions.

Once again, this raises the question of whether Apple should tie their security patch schedule to major media events. This isn’t “Patch Tuesday”, it’s “Patch Keynote”. (Alex Stamos, @alexstamos, 25 March 2019)

Apple addressed these errors by improving memory and state management. The most common of these were memory corruption bugs, which could be abused to execute arbitrary code via the processing of maliciously crafted web content. An adversary could also take advantage of another WebKit bug (CVE-2019-8503), which allows a website to run scripts in another website.
Kernel problems and malicious SMS
An anonymous researcher has reported an interesting vulnerability, CVE-2019-8553, affecting the GeoServices component. These updates should be installed at the earliest opportunity, as the issues pose substantial security risks to the products they affect. Apple’s security patch inventory is impressive not only because of the large number of problems addressed, but also because of the severity of some of the vulnerabilities. Apple’s brief description notes that a victim could trigger arbitrary code execution via a “malicious SMS link.” In older iOS versions, six issues may affect the kernel, which may lead to a system crash or corruption (CVE-2019-8527), may lead to malicious apps reading memory layout (CVE-2019-8540, CVE-2019-6207, CVE-2019-8510), or may result in elevated privileges (CVE-2019-8514). Using CVE-2019-7293 allows local users to read kernel memory and to extract sensitive data.