Apple releases iOS 12, tvOS 12, watchOS 5 and Safari 12

This was written two weeks ago but never published. Publishing now for record sake

Apple today released the highly anticipated iOS 12 which is loaded with new features and has been optimized to make even the oldest supported iPhone, the 5s, perform better. tvOS 12, watchOS 5 and Safari 12 were also released and all of these updates contain security fixes as well which I’ll cover in this article.

iOS 12

Listed as an update that “brings performance improvements and exciting new features to iPhone and iPad.”
This update does not just contain a slew of new features and enhancements, it also contains 18 security fixes. There are more fixes included in iOS 12 but these have not been documented by Apple yet, we expect them to be listed once macOS Mojave is released as both operating systems probably share a lot of the same fixes. A few of the highlights:

Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.

CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An app may be able to learn information about the current camera view before being granted camera access
Description: A permissions issue existed. This issue was addressed with improved permission validation.

iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved input validation.

Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A local user may be able to discover a user’s deleted messages
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions.

Security
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: This issue was addressed by removing RC4.

Apple disabled the RC4 cipher suite by default in iOS 10 as it is no longer a secure encryption and can be cracked fairly easily. In iOS 12 Apple has decided to remove it completely as it was apparently still causing some security issues.

The full list of security issues addressed can be found here. iOS 12 can be downloaded over the air by going to Settings > General > Software Update. You can also connect your iOS device to your Mac and let iTunes do the update for you.

tvOS 12

Available for the 4th and 5th Generation Apple TV’s, this update introduces new features such as zero sign-on, Dolby Atmos support, new screensavers and AutoFill passwords from iPhone. Of course I wouldn’t be writing about this update if it didn’t include some security related fixes as well! In this case, 5 security fixes were listed by Apple with more to come once macOS Mojave is released. The listed fixes include those covered in iOS 12. Messages, Security, CoreMedia, Kernel and Bluetooth all had some work done to enhance security.

The full list of security issues addressed can be found here. The tvOS update can be downloaded directly from the Apple TV by going to Settings > System > Update Software.

watchOS 5

Available for Apple Watch Series 1 and later, watchOS 5 brings new features such as raise to speak, walkie-talkie, Siri shortcuts, new watch faces and more. The security fixes included are some of the same as those found in iOS 12 and tvOS 12. The full list of security issues addressed can be found here. watchOS 5 can be installed by connecting the watch to its charger, then on the iPhone open the Apple Watch app > My Watch tab > General > Software Update.

Safari 12

The latest version of Safari, available for macOS Sierra and High Sierra users, brings quite a few new features and enhancements that improve overall security. When a new account is created on a website, Safari will offer to help create a strong password. Pop-up blocking has been enhanced, cross-site tracking has been thwarted even more and NPAPI plugin support has been discontinued. Under the hood three security issues were addressed that include a malicious website’s ability to exfiltrate autofilled data and a malicious website’s ability to spoof the user interface.

The full list, however small it may be at this time, of security issues addressed can be found here. The new Safari 12 can be downloaded through the Updates tab of the App Store.