On 25th of March 2019 (Monday) Apple has released iOS 12.2 to patch a total of 51 security vulnerabilities in the OS of the mobile devices that affects the iPhone 5s and the later models, iPad Air and the later models and iPod touch 6th generation. The maximum of the vulnerabilities that the Apple has patched this month reside in its web rendering engine WebKit that is used by several apps and the web browsers running on the OS of the Apple. As per the advisory, just opening a malware or the maliciously crafted web content using any vulnerable WebKit based application could allow the remote attackers to execute the arbitrary code, disclose the sensitive user information, bypass the sandbox restrictions or launch the universal cross-site scripting attacks on the Apple devices.
Amongst the WebKit vulnerabilities, that include a consistency issue (CVE-2019-6222), allows the malicious websites to access an iOS device microphone without the display of the “microphone-in-use” indicator. A comparatively similar vulnerability, CVE-2019-8566, has been patched in the ReplayKit API of Apple that could allow a malicious application to access the iOS device’s microphone without even alerting the users. Apple was also seen to patch a serious local bug (CVE-2019-8503) in the WebKit that could have allowed the malicious websites to execute the scripts in the context of the other website that allows them to burgle your information that is stored on the other websites or launch a wide-range of the online attacks.
Along with the WebKit issues, the advisory has also unearthed the existence of a critical flaw in the previous iOS versions that could pave the way to the arbitrary code execution only by convincing the victims into clicking a SMS link believed to be malicious. The SMS vulnerability that has been identified as CVE-2019-8553 seems to affect iPhone 5s and later, iPad Air and later and as well as iPod touch 6th generation devices.