“Apple” launches an emergency update for iOS
Patch your Macs, people, and your Apple Watches and older iPhones, iPads and iPod Touches.
Apple yesterday (Sept. 26) released an emergency update for Macs to fix a flaw that would let a “remote attacker … cause unexpected application termination or arbitrary code execution.”
In plain English, that means a hacker could access your Mac from the internet and run malicious code or shut down legitimate applications. Needless to say, that is Very Bad.
Patches were also issued yesterday for watchOS (5.3.2) and iOS 12 (12.4.2) to fix the same flaw. New iPhones, iPads and iPods got the fix last week with the release of iOS 13, but many older iOS devices, such as the iPhone 5s, 6 and 6 Plus, have to stick with iOS 12.
The Mac patches are for the last three versions of macOS — 10.14 Mojave, 10.13 High Sierra and 10.12 Sierra — but you won’t get a new version number for your build. Older, unsupported versions of macOS/OS X are likely affected as well. (If you’re still running one of those, it’s time to update.)
Clearing up a mystery
Apple isn’t saying much more about the flaw, other than that it involves “an out-of-bounds read [that] was addressed with improved input validation,” was discovered by Google Project Zero researchers Samuel Groß and Natalie Silvanovich, and was assigned the Common Vulnerability and Exposures (CVE) number CVE-2019-8641.
But it turns out the vulnerability goes back several months, and was left unresolved long after a similar slew of flaws was fixed.
This morning (Sept. 27), Sophos’ Paul Ducklin connected the dots and figured out that this is the last of several mainly iOS flaws that Groß and Silvanovich revealed over the summer, and the only one of those flaws to remain unexplained and unpatched for nearly two months.
You may recall that there were a number of Apple Messages flaws revealed in late July, which Apple mostly remediated with iOS 12.4. Some of the flaws would have let hackers take over iPhones simply by sending a specially crafted message.
As is standard procedure, the Project Zero researchers explained exactly how the bugs worked after Apple issued iOS 12.4. But they held back information about one flaw because they felt iOS 12.4 didn’t fully fix it.
“We are withholding CVE-2019-8641 until its deadline because the fix in the advisory did not resolve the vulnerability,” Silvanovich wrote on Twitter July 29.
The mystery flaw stayed unrevealed for two more months, even as Silvanovich and Groß took their research on the road and presented their findings at the Black Hat security conference in August, and as Apple updated iOS to version 12.4.1 and released a “supplemental” update to macOS Mojave 10.14.6.
Finally, full disclosure
Now that everything’s really been fixed, the cat’s out of the bag. Silvanovich quietly made public the details of CVE-2019-8641 on Monday (Sept. 23), after the release of iOS 13, in a Project Zero blog posting.
Her explanation of the vulnerability is beyond comprehension for anyone not well versed in the internal workings of iOS, but she noted that “this issue has not yet been fixed for Mac and iPad, but is now only a local vulnerability due to the change in 12.4.1.”
Those local vulnerabilities, presumably, have now been addressed with the iOS 12.4.2 update and the macOS patches.
source: tomsguide.com
“Apple” has released an emergency update for the operating system of its smart devices, just two days after launching iOS 13.
Experts at “Apple” indicated that the new release (13.1.2) of iOS is meant to fix some technical flaws discovered in the iOS 13.1.1 release.
According to the “Russia Today” website, the new release is supposed to help resolve the Camera app support problems that iPhones have faced recently. It will also help eliminate the problems of the flashlight not turning on and the loss of display calibration data that those devices suffered from, and will rid users of “Apple” devices of the problem of connections dropping when using Bluetooth.
“Apple” had launched version 13 of iOS days earlier, backing that version with many new features, such as “Dark Mode”, which lets the user switch the interface backgrounds to black in order to reduce the phone's power consumption and protect the eyes from harmful radiation.
The new iOS also brought many improvements covering the electronic maps systems, made it possible to better control the arrangement of photos and videos on the phone or tablet, and helps display photos to the user according to the day, week, month or year in which they were taken.