Network Security, Patch/Configuration Management, Vulnerability Management

Apple tweaks lock screen options in iOS security update

Bradley BarthOctober 9, 2018

Apple yesterday issued its first software update for the iOS 12 operating system, fixing two bugs that both impact lock screen security. It also separately remedied 19 vulnerabilities in iCloud for Windows 7.7.

The release of iOS 12.0.1 repairs CVE-2018-4380, a flaw in the VoiceOver feature, which a local attacker could exploit to view photos and contacts from the lock screen. It also addresses CVE-2018-4379, an issue in Quick Look that allows local attackers to share items from the lock screen by accessing the share function. Apple fixed both issues by restricting options offered on locked device, the company explains in a security advisory.

Meanwhile, the 19 bugs that were found in iCloud all were found in the WebKit. If left unpatched, they could lead to assertion failure, unwanted cross-origin errors or behavior, code execution, script execution (in the context of other websites), and exfiltration of data.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.