Most of the flaws affect the web rendering engine WebKit, an attacker could trick victims into opening a maliciously crafted web content to execute arbitrary code, disclose sensitive user information, bypass sandbox restrictions, or launch universal cross-site scripting attacks on the device.
The WebKit vulnerability tracked as CVE-2019-6222 could be exploited by an attacker to set up a malicious website to potentially access an iOS device microphone without the “microphone-in-use” indicator being shown.
“A website may be able to access the microphone without the microphone use indicator being shown” reads the security advisory published by Apple.
“A consistency issue was addressed with improved state handling.”
Another flaw in
Another troubling issues is a ReplayKit API bug, tracked as CVE-2019-8566, that could be exploited by a malicious application to access the microphone on vulnerable devices.
“A malicious application may be able to access the microphone without indication to the user.” reads the advisory published by Apple.
“An API issue existed in the handling of microphone data. This issue was addressed with improved validation.”
Apple also fixed a critical vulnerability (CVE-2019-8553) in earlier iOS versions that could lead to arbitrary code execution just by tricking victims into clicking a malicious SMS link.
The CVE-2019-8553 flaw affects iPhone 5s and later, iPad Air and later, and iPod
Apple addressed a total of six vulnerabilities in
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.