Government of the Republic of Trinidad and Tobago                                                                                                                                        


News

TTCSIRT-229.092719: TT-CSIRT ADVISORY – APPLE SECURITY UPDATES

27th September 2019

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information.

TTCSIRT encourages users and administrators to review Apple’s security updates page and apply the necessary updates:

https://support.apple.com/en-us/HT201222

 

1) CVE-2019-8641 – A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Affects macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14.6.

2) CVE-2019-8641 – A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Affects Apple Watch Series 1 and Apple Watch Series 2.

3) CVE-2019-8641 – A remote attacker may be able to cause unexpected application termination or arbitrary code execution. Affects iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch 6th generation.

4) CVE-2019-8775 – A person with physical access to an iOS device may be able to access contacts from the lock screen. Affects iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation.

5) CVE-2019-8654 – Visiting a malicious website may lead to user interface spoofing

6) CVE-2019-8725 – Service workers may leak private browsing history