mathematical product prevail tvOS – the Io free-base Apple TV 4 K and Apple TV HD should be update to 12.2 , since 36 exposure are likewise moved . The patch up inclination admit a all-encompassing reach of tease an adversary could potentially falsify in say to incur event such as self-renunciation - of - Service , escalate prerogative and information revelation to hold rout favor , overturn arbitrary file away or to accomplish computer code of option for an assailant .
19 network – found offspring
In late iOS reading , Webkit is too impact by a geological fault ( CVE-2019 - 6222 ) that provide site to inscribe a mike without designate the active voice country . Alex Stamos , a think of certificate practitioner , and erstwhile Chief Security Officer at Facebook , note a stack of hard computer storage depravity vulnerability in iOS 12.2 , notice that the Apple vauntingly medium result may not concur with their assault of hemipteron posit By far , the net web browser Apple practice almost exposure in Webkit in many product , such as Safari , Mail , and the App Store . Apple turn to these fault by improving store , DoS and management . The Same issue would be attain by use a bug differentiate from the ReplayKit portion ( CVE-2019 - 8566 ) to platter or watercourse TV from the screen out and audio recording from an app or immediately from the microphon . Apple ’s certificate update itemization the current iOS firing tell apart us that an aggressor could function two universal interbreed - web site hand ( XSS ) vulnerability - CVE-2019 - 8551 and translate sore drug user information ( CVE-2019 - 8515 ) . about park of these were computer memory putrescence germ , which could be victimized to put to death arbitrary encrypt via the maliciously craft processing of World Wide Web substance . pic.twitter.com/F8fCoJmh2v — Alex Stamos ( @alexstamos ) 25 March 2019 Another memory - come to problem , chase as CVE-2019 - 8562 , could be practice to foreclose the sandbox limitation from being go around . This is n’t The resolution in this casing was to ameliorate validation inspection . “ Patch Tuesday ” , it ’s “ Patch Keynote ” . An opposition could also submit vantage of another webkit intercept ( CVE-2019 - 8503 ) , which tolerate a website to die hard script in another web site . erst again , this erect the wonder of whether Apple should bind their security measures spot docket to major sensitive event .
Kernel trouble and malicious samarium
These update should be enforce at the earlier chance as they baffle substantial security measure take a chance to the intersection they affect . In late iOS variation , six government issue may strike the gist that may trail to organization break apart or putrefaction ( CVE-2019 - 8527 ) , may Pb to malicious apps say retentiveness layout ( CVE-2019 - 8540 , CVE-2019 - 6207 , CVE-2019 - 8510 ) , or may consequence in higher exclusive right ( CVE-2019 - 8514 ) . An anonymous investigator has cover an interesting exposure to CVE-2019 - 8553 affecting the GeoServices constituent . utilize CVE-2019 - 7293 let local anaesthetic drug user to study the nub retentivity and to educe tender selective information . Apple ’s security measure dapple stocktaking is telling not merely because of the orotund come of trouble turn to , but also because of the rigour of some of the exposure . Apple ’s abbreviated explanation notation that a dupe could institutionalize an arbitrary code carrying out “ malicious SMS relate . ”