Yesterday afternoon, after its conference during which it presented its new notebooks and the iPad Pro 2018, Apple also launched a new operating system update, the new iOS 12.1. This new version of the operating system for iPhone and iPad reached users with a large number of new features and improvements, although it has also arrived with a large number of vulnerability fixes.
iOS 12.1 update fixed some severe security and privacy vulnerabilities
Most of the vulnerabilities fixed by iOS 12.1 were issues found in FaceTime, Apple’s video calling application. This application concealed some security flaws that could allow attackers to execute malicious code on devices using a modified video or initiate a specific call or access data in the memory of the devices. Other messaging applications such as iMessage or VoiceOver were also affected by different vulnerabilities the iOS 12.1 update solved out.
Another security bug fixed in the iOS Contacts app could have allowed an attacker to generate a DoS on the system using a VCF file created for this purpose. Safari, Apple’s browser, as well as WebKit (Apple’s web engine), have also been affected by various vulnerabilities of all kinds, all of which have been now ruled out by iOS 12.1.
Besides the before-mentioned fixes, the iOS Kernel has also received a critical patch that corrects some security flaws and makes it even more secure. Several drivers, such as the graphics driver, also receive security fixes. Several bugs were also detected in components and tools related to encryption, such as CoreCrypto, IPSec or S/MIME messages. Apple fixed those, too.
In addition to iOS 12.1, Apple’s other operating systems, such as watchOS, tvOS, and above all macOS, have also received security patches and fixes.
iOS 12.1, unfortunately, boasts a vulnerability itself, affecting users’ privacy
Shortly after iOS 12.1 reached the public, a user was announced that a new security flaw in the iOS 12.1 lock screen function could easily allow any malevolent person to access private user information even though the iPhone or iPad is locked. As reported, the bug resides within the FaceTime app.
This privacy vulnerability is due to Apple removing the code request when trying to access user data through FaceTime even if the device is locked, a severe failure, whatsoever.