SecureMac, Inc.

iOS 12.2 Patches Majors Security Flaws; Users Should Update Immediately

April 3, 2019

It seems like only yesterday when Apple was taking Group FaceTime down to give itself time to fix a severe bug discovered by a teenager. In the latest round of updates, iOS received fixes for several bugs as bad or worse than the FaceTime issue that gained a lot of publicity. These, however, Apple kept under wraps until the latest version, 12.2, was ready for release to the public. That means that while no one was likely affected “in the wild” by these issues, it’s imperative to secure your device …

iOS 12.2 Patches Majors Security Flaws; Users Should Update Immediately

It seems like only yesterday when Apple was taking Group FaceTime down to give itself time to fix a severe bug discovered by a teenager. In the latest round of updates, iOS received fixes for several bugs as bad or worse than the FaceTime issue that gained a lot of publicity. These, however, Apple kept under wraps until the latest version, 12.2, was ready for release to the public. That means that while no one was likely affected “in the wild” by these issues, it’s imperative to secure your device against them now. First, let’s take a closer look at what was fixed.

The core of iOS 12.2 is a series of fixes for WebKit, the engine that browsers the iPhone’s browser and allows you to enjoy all kinds of online connections. Thirteen bugs were fixed in total, and many of them concerned malicious websites. Just visiting a site with the appropriately crafted malicious code needed to exploit one of these vulnerabilities would enable it to gain privileges it was not allowed to have or to escape the digital “sandbox” that keeps apps separate.

Apple notes a fix for one such WebKit vulnerability that would allow the site to begin listening to the user’s device microphone — without the mandatory on-screen indicator or even any user permission at all. Naturally, that’s not just a security risk; it’s a privacy problem, too. Another, similar flaw, now patched, would allow a website to track the physical sensors in the phone, including its accelerometer. While that might not sound as scary as a site listening in on you, it’s still data it should not have.

In iOS 12.2, Apple also patched a text message-related bug. Users could have received a malicious link in a message, which when tapped would enable malware to run its own code on your device. Dozens of other attack vectors for malicious apps were also closed in the update while additional fixes hardened security against potential data leaks.

Updating your iOS device is easy if you have not yet received iOS 12.2. First, ensure that your phone is plugged in to power or has a sufficiently high level of charge; your phone will warn you if it needs power before updating. Next, tap on your Settings app, followed by General. Find the Software Update page and apply the latest update. A few minutes later, you’re all set — and you can return to enjoying the peace of mind that comes with a safer system.

Get the latest security news and deals