Apple Released iOS 12.1 With Multiple Security Fixes Including iOS Passcode Bypass

Hack News

Latest Hacker News and IT Security News

Security

Apple Released iOS 12.1 With Multiple Security Fixes Including iOS Passcode Bypass

Apple’s innovative iOS 12 brought some exciting features. Particularly, the security features launched with iOS 12 which earned it significant attention. However, it also carried a lot of security flaws such as the iOS 12 lock screen bypass bug that exposed the device’s data. Taking into account all these problems, Apple released iOS 12.1 this week, which is the first major update since the launch of iOS 12.

Apple Released iOS 12.1 Fixing Lock Screen Bypass

This week, Apple released iOS 12.1 update that addressed multiple vulnerabilities in the previous version. Reportedly, as much as 24 different features exhibited serious security flaws which have received a patch with this update.

The most important of these include the vulnerabilities triggering a iOS 12 passcode bypass. As discovered by Jose Rodriguez, an attacker could easily bypass the lock screen in iOS 12 via different methods. The attacker merely needed to exploit Siri or VoiceOver to trigger the bug. Exploiting these bypass methods could allow the attacker to access photos, contacts, and notes.

As stated in Apple’s security advisory regarding the vulnerability CVE-2018-4388 in Notes,

“A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device.”

Whereas, regarding the VoiceOver vulnerability (CVE-2018-4387) exposing photos, Apple describes,

“A lock screen issue allowed access to photos via Reply With Message on a locked device. This issue was addressed with improved state management.”

Other Major Security Fixes

Apart from the lock screen bypass bugs, Apple has also patched numerous other bugs including critical vulnerabilities. This includes FaceTime vulnerabilities CVE-2018-4366 and CVE-2018-4367 discovered by a researcher Natalie Silvanovic from the Google Project Zero. The vulnerabilities could allow an attacker to leak memory, and to execute arbitrary codes by initiating FaceTime call, respectively.

Besides, the vulnerabilities in Messages, Contacts, CoreCrypto, Safari Reader, WebKit, and WiFi also received patches with this update.

Take your time to comment on this article.

Comment here