What’s in Apple’s Latest Security Digest?
Apple recently released a comprehensive set of security updates, affecting devices and applications ranging from the iPhone to the Apple Watch to iTunes to the Apple TV. Below, we have outlined some basic details about these updates, including the devices they are intended for and the security problems they fix.
- APPLE-SA-2018-12-06-1 watchOS 5.1.2
This update for watchOS addresses numerous security vulnerabilities that could be exploited to gain or elevate privileges, to execute arbitrary code, to spoof the watch interface, or to present untrusted configurations as verified or trustworthy.
- APPLE-SA-2018-12-05-7 Shortcuts 2.1.2
Apple has not provided specific details about this update or what vulnerabilities it patches.
- APPLE-SA-2018-12-05-6 iCloud for Windows 7.9
Apple customers utilizing iCloud for Windows should download this update to shield themselves from security vulnerabilities inherent in past versions of the software. These vulnerabilities include Webkit issues that would have allowed for arbitrary code execution, as well as a Safari issue that would have allowed hackers to spoof the address bar.
- APPLE-SA-2018-12-05-5 iTunes 12.9.2 for Windows
This update is intended for iTunes software installed on PCs running Windows 7 or later. The update fixes bugs that would have allowed for address bar spoofing, interface spoofing, or arbitrary code execution if users attempted to visit malicious websites or process malicious web content.
- APPLE-SA-2018-12-05-4 Safari 12.0.2
These Safari updates apply to Apple computers running macOS Sierra 10.12.6, macOS High Sierra 10.13.6, or macOS Mojave 10.14.1. The update addresses vulnerabilities which could have allowed for code execution, address bar spoofing, and more. Also fixed was a Safari bug that made it difficult or impossible for some users to delete their full browsing histories.
- APPLE-SA-2018-12-05-3 tvOS 12.1.1
This update applies to Apple TV users. It fixes problems that left Apple TVs vulnerable to denial of service attacks, arbitrary code execution, elevation of privileges, and possible privacy issues.
- APPLE-SA-2018-12-05-2 macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra
Users running any of the macOS operating systems listed should install these security updates immediately. The bugs fixed may have allowed hackers to elevate privileges, read restricted memory, execute arbitrary code, perform denial of service attacks, or cause sudden system shutdowns.
- APPLE-SA-2018-12-05-1 iOS 12.1.1
The latest iOS update applies to most Apple mobile devices, including any iPhones models later than the 5S, any iPad models later than the original iPad Air (released in fall 2013), and any iPod Touch models later than the sixth generation (released in July 2015). It resolves a variety of dangerous bugs, including a FaceTime vulnerability that may have made it possible for local attackers to view contacts from the lock screen and a File Provider issue that may have enabled hackers to identify the apps installed on an iOS device.