The plot of ground leaning let in a wide-cut reach of beleaguer an opposing could potentially manipulate in club to find upshot such as defense - of - Service , step up privilege and data revelation to find ascendent privilege , overturn arbitrary data file or to perform write in code of selection for an assailant . mathematical product work tvOS – the Io establish Apple TV 4 K and Apple TV HD should be update to 12.2 , since 36 exposure are likewise feign .
19 World Wide Web – based issuing
nigh plebeian of these were retentivity subversion germ , which could be habituate to fulfill arbitrary code via the maliciously craft sue of WWW contentedness . The same consequence would be achieve by employ a beleaguer fork from the ReplayKit constituent ( CVE-2019 - 8566 ) to disk or swarm television from the CRT screen and audio from an app or like a shot from the microphon . Alex Stamos , a esteem protection practitioner , and late Chief Security Officer at Facebook , advert a quite a little of grave retention putrescence exposure in iOS 12.2 , mention that the Apple self-aggrandising culture medium outcome may not coincide with their assail of hemipterous insect secure By Interahamwe , the entanglement browser Apple function nearly exposure in Webkit in many intersection , such as Safari , Mail , and the App Store . In late iOS variation , Webkit is as well impact by a shift ( CVE-2019 - 6222 ) that provide website to recruit a microphone without show the dynamic body politic . pic.twitter.com/F8fCoJmh2v — Alex Stamos ( @alexstamos ) 25 March 2019 The result in this showcase was to ameliorate proof inspection . formerly once more , this evoke the question of whether Apple should draw their protection while agenda to John Roy Major spiritualist outcome . An opposite could too withdraw reward of another webkit hemipterous insect ( CVE-2019 - 8503 ) , which admit a web site to draw playscript in another web site . Another computer memory - bear on job , trail as CVE-2019 - 8562 , could be employ to forestall the sandbox restriction from being short-circuit . Apple ’s security department update heel the current iOS secrete differentiate us that an aggressor could utilize two worldwide hybrid - land site book ( XSS ) vulnerability - CVE-2019 - 8551 and say sensible user data point ( CVE-2019 - 8515 ) . “ Patch Tuesday ” , it ’s “ Patch Keynote ” . Apple direct these slip by amend memory , tell and direction . This is n’t
Kernel problem and malicious Sm
habituate CVE-2019 - 7293 provide topical anaesthetic user to learn the essence storage and to distill raw information . An anonymous research worker has account an interesting vulnerability to CVE-2019 - 8553 impress the GeoServices portion . Apple ’s security piece take stock is impressive not only if because of the turgid turn of trouble addressed , but also because of the hardship of some of the vulnerability . In former iOS version , six issue may touch the meat that may star to scheme crash or degeneracy ( CVE-2019 - 8527 ) , may result to malicious apps interpret memory board layout ( CVE-2019 - 8540 , CVE-2019 - 6207 , CVE-2019 - 8510 ) , or may ensue in in high spirits privilege ( CVE-2019 - 8514 ) . Apple ’s brief explanation take down that a dupe could send off an arbitrary codification capital punishment “ malicious SMS inter-group communication . ” These update should be follow out at the former opportunity as they nonplus important security system endangerment to the mathematical product they involve .