Apple Fixes Passcode Bypass, RCE Vulnerabilities, and More in Today’s Updates.

Apple Medicine

Today Apple released updates for their core products that includes iCloud, Safari, iTunes, macOS Mojave, High Sierra, Sierra, Shortcuts for iOS 2.1.2, tvOS 12.1.1, and of course iOS 12.1.1.

Included in these security updates are numerous code execution, privilege escalations, and information disclosure vulnerabilities. Due to this, if you are the user of any of the above products, you should update them as soon as possible.

iOS 12.1.1 fixes FaceTime locked screen contacts disclosure

iOS 12.1.1 fixes a bug that was discovered at the end of October, the day after iOS 12.1 was released, that allows a user to access a phone’s contacts even when iOS was locked.  This bug was discovered by security researcher Jose Rodriguez who has a knack for finding these types of bypasses and demonstrates them on YouTube.

Other vulnerabilities that were fixed include remote code execution, information disclosure, escalation of privileges, and denial of service attacks.

Shortcuts for iOS gets its first security update!

Shortcuts is a new feature added to iOS 12 that allows you to create shortcuts that execute multiple commands with one voice command or tap.

This update is Shortcuts for iOS’ first one and sadly there is not much to indicate what was fixed if anything.  Instead we are greeted with the following statement:

“This update has no published CVE entries. We would like to acknowledge Micah A for their assistance.”

Whoever Micah A is, congrats!

Below are the rest of the Apple security updates released today.