Huntsville Macintosh Users Group
UNIX/Security News

Home | Archive | UNIX

Join the Group | About Us | Calendar | Contact Us | Site Index

Security Alert: Additional information for iOS 13.1 and iPadOS 13.1

(2019-10-29)

Apple has released additional information about the security related issues addressed by iOS 13.1 and iPadOS 13.1:

• AppleFirmwareUpdateKext (CVE-2019-8747): An application may be able to execute arbitrary code with kernel privileges
• Audio (CVE-2019-8706): Processing a maliciously crafted audio file may lead to arbitrary code execution
• Books (CVE-2019-877): Parsing a maliciously crafted iBooks file may lead to a persistent denial-of-service
• Kernel (CVE-2019-8740): An application may be able to execute arbitrary code with kernel privileges
• Kernel (CVE-2019-8809): A local app may be able to read a persistent account identifier
• Kernel (CVE-2019-8780): A malicious application may be able to determine kernel memory layout
• libxslt (CVE-2019-8750): Multiple issues in libxslt
• mDNSResponder (CVE-2019-8799): An attacker in physical proximity may be able to passively observe device names in AWDL communications
• VoiceOver (CVE-2019-8775): A person with physical access to an iOS device may be able to access contacts from the lock screen
• WebKit (CVE-2019-8769): Visiting a maliciously crafted website may reveal browsing history
• WebKit (CVE-2019-8710, CVE-2019-8743, CVE-2019-8751, CVE-2019-8752, CVE-2019-8763, CVE-2019-8765, CVE-2019-8766:, CVE-2019-8773): Processing maliciously crafted web content may lead to arbitrary code execution

© The Huntsville Macintosh Users Group 1995-2019
Apple, the Apple Logo, and Macintosh are registered trademarks of Apple, Inc.
Other names may be registered trademarks of their respective owners.