Apple Patches Passcode Bypass, FaceTime Flaws in iOS


Security updates released by Apple on Tuesday for its macOS, iOS, tvOS, watchOS, Safari, iCloud and iTunes products address tens of new vulnerabilities.

The advisory published by Apple for macOS lists over 70 CVE identifiers. This includes vulnerabilities affecting third-party components and flaws that were previously addressed by Apple and for which patches were now backported to older versions of the operating system.

The security holes patched this week can be exploited for arbitrary code execution, privilege escalation, information leakage, and denial-of-service (DoS) attacks.

The more interesting vulnerabilities include a crypto issue discovered by a team of researchers from two universities, flaws that allow applications to execute code with elevated privileges, and a user interface spoofing bug in the Mail app. The latest updates for macOS 10.14 Mojave also patch Variant 3a of the speculative execution bugs known as Spectre and Meltdown, and some vulnerabilities discovered by researcher Patrick Wardle, including one disclosed shortly after the launch of Mojave.

Read more…