Apple Fixes Passcode, Remote Code Execution Flaws in iOS and macOS
December 06, 2018 / Sean Michael Kerner
Apple released a series of updates on Dec. 5 to its desktop and mobile operating systems, patching serious vulnerabilities that could have exposed users to risk. Among the updates released by Apple are iOS 12.1.1, macOS Mojave 10.14.2 and Safari 12.0.2. The bugs fixed across the updates include privilege escalation, arbitrary code execution, memory corruption and denial-of-service flaws. In iOS 12.1.1, one of the most impactful issues patched is a passcode bypass one with the FaceTime conferencing application. "A local attacker may be able to view contacts from the lock screen," Apple wrote in its advisory for the FaceTime vulnerability, which is also identified as CVE-2018-4430. "A lock screen issue allowed access to contacts on a locked device."