Apple yesterday issued its first software update for the iOS 12 operating system, fixing two bugs that both impact lock screen security. It also separately remedied 19 vulnerabilities in iCloud for Windows 7.7.
The release of iOS 12.0.1 repairs CVE-2018-4380, a flaw in the VoiceOver feature, which a local attacker could exploit to view photos and contacts from the lock screen. It also addresses CVE-2018-4379, an issue in Quick Look that allows local attackers to share items from the lock screen by accessing the share function. Apple fixed both issues by restricting options offered on locked device, the company explains in a security advisory.
Meanwhile, the 19 bugs that were found in iCloud all were found in the WebKit. If left unpatched, they could lead to assertion failure, unwanted cross-origin errors or behavior, code execution, script execution (in the context of other websites), and exfiltration of data.