Apple iOS 12.1.3, watchOS 5.1.3 sowie tvOS 12.1.2 veröffentlicht
Ihr seid iPad- oder iPhone-Besitzer? Dann wartet ab sofort ein Update auf euch, denn Apple hat iOS 12.1.3 veröffentlicht. iOS 12.1.3 ist ein kleines Update, während der Betaphase sind keine Neuerungen hinzugekommen, stattdessen hat Apple an Bugfixes und der Stabilität gearbeitet. Laut Versionshinweisen von Apple enthält iOS 12.1.3 Korrekturen für mehrere Fehler, die auch iPad Pro, HomePod, CarPlay und andere betreffen. Die genauen Informationen zu sicherheitsrelevanten Dingen sind zur Stunde noch nicht online und werden von uns nachgereicht. Neben iOS 12.1.3 hat Apple auch watchOS 5.1.3 für die Apple Watch veröffentlicht – und auch der Apple TV bekommt tvOS 12.1.2.
– Behebt ein Problem in Nachrichten, das das Scrollen durch Fotos in der Detailansicht beeinträchtigen könnte.
– Behebt ein Problem, bei dem Fotos gestreifte Artefakte haben könnten, nachdem sie aus dem Share Sheet gesendet wurden.
– Behebt ein Problem, das bei der Verwendung externer Audioeingabegeräte auf dem iPad Pro (2018) zu Audioverzerrungen führen kann.
– Behebt ein Problem, bei dem bestimmte CarPlay-Systeme die Verbindung zu iPhone XR, iPhone XS und iPhone XS Max trennen können.Diese Version enthält auch Bugfixes für den HomePod. Dieses Update:
– Behebt ein Problem, das dazu führen konnte, dass HomePod neu gestartet wurde.
– Behebt ein Problem, das Siri dazu veranlassen könnte, nicht mehr zuzuhören.
Update: Die Sicherheitsaspekte.
APPLE-SA-2019-1-22-1 iOS 12.1.3
iOS 12.1.3 is now available and addresses the following:
AppleKeyStore
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6235: Brandon Azad
Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-6200: an anonymous researcher
Core Media
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6202: Fluoroacetate working with Trend Micro’s Zero Day
Initiative
CVE-2019-6221: Fluoroacetate working with Trend Micro’s Zero Day
Initiative
CoreAnimation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6231: Zhuo Liang of Qihoo 360 Nirvan Team
CoreAnimation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-6230: Proteas, Shrek_wzw and Zhuo Liang of Qihoo 360 Nirvan
Team
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to initiate a FaceTime call
causing arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-6224: Natalie Silvanovich of Google Project Zero
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to break out of its
sandbox
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-6214: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-6225: Brandon Azad of Google Project Zero, Qixun Zhao of
Qihoo 360 Vulcan Team
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-6210: Ned Williamson of Google
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may cause unexpected changes in
memory shared between processes
Description: A memory corruption issue was addressed with improved
lock state checking.
CVE-2019-6205: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-6213: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2019-6209: Brandon Azad of Google Project Zero
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may cause unexpected changes in
memory shared between processes
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-6208: Jann Horn of Google Project Zero
Keyboard
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Password autofill may fill in passwords after they were
manually cleared
Description: An issue existed with autofill resuming after it was
canceled. The issue was addressed with improved state management.
CVE-2019-6206: Sergey Pershenkov
libxpc
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-6218: Ian Beer of Google Project Zero
Natural Language Processing
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-6219: Authier Thomas
Safari Reader
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: A cross-site scripting issue existed in Safari. This
issue was addressed with improved URL validation.
CVE-2019-6228: Ryan Pickren (ryanpickren.com)
SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-20346: Tencent Blade Team
CVE-2018-20505: Tencent Blade Team
CVE-2018-20506: Tencent Blade Team
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-6227: Qixun Zhao of Qihoo 360 Vulcan Team
CVE-2019-6233: G. Geshev from MWR Labs working with Trend Micro’s
Zero Day Initiative
CVE-2019-6234: G. Geshev from MWR Labs working with Trend Micro’s
Zero Day Initiative
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved validation.
CVE-2019-6229: Ryan Pickren (ryanpickren.com)
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-6215: Lokihardt of Google Project Zero
WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6212: an anonymous researcher, Wen Xu of SSLab at Georgia
Tech
CVE-2019-6216: Fluoroacetate working with Trend Micro’s Zero Day
Initiative
CVE-2019-6217: Fluoroacetate working with Trend Micro’s Zero Day
Initiative, Proteas, Shrek_wzw, and Zhuo Liang of Qihoo 360 Nirvan
Team
CVE-2019-6226: Apple
WebRTC
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-6211: Georgi Geshev (@munmap), Fabi Beterke (@pwnfl4k3s),
and Rob Miller (@trotmaster99) of MWR Labs (@mwrlabs) working with
Trend Micro’s Zero Day Initiative
Additional recognition
mDNSResponder
We would like to acknowledge Fatemah Alharbi of University of
California, Riverside (UCR) and Taibah University (TU), Feng Qian of
University of Minnesota – Twin City, Jie Chang of LinkSure Network,
Nael Abu-Ghazaleh of University of California, Riverside (UCR),
Yuchen Zhou of Northeastern University, and Zhiyun Qian of University
of California, Riverside (UCR) for their assistance.
Safari Reader
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
WebKit
We would like to acknowledge James Lee (@Windowsrcer) of Kryptos
Logic for their assistance.
Bin ich ja gespannt ob die Probleme mit dem Mobilen Netz behoben wurden. Mein Xr Netzwerk hat sich oft verabschiedet. Nur noch vollen EDGE Empfang angezeigt, aber kein Netzwerk mehr gehabt und das an stellen wo es teilweise vollen 3G Empfang hatte, nach dem ich den Flugmodus an und ausgeschalten habe.
Das ist kein Bug, ein Handy braucht meist etwas um sich mit dem Masten zu verbinden. Vielleicht auch schlechter Empfang.
Da es erst ab iOS 12.1.2 aufgetreten ist, wird es wohl eher an iOS liegen. 😉 Ist ja auch ein bekanntes Problem.
Hatte ich mit dem Xs aber auch.
Trat ebenfalls erst seit 12.1.2 auf. Vorher war alles gut.
also bei mir hat es sich nicht verbessert. immernoch die gleichen probleme.
Ich habe Sore mein iPhone 8 zu aktualisieren. Kann der Patentstreit mit Qualcomm dazu führen, dass Apple irgendwas an dem Modell deaktiviert/verändert?
Ist ’ne ernst gemeinte Frage
Bruce Willis würde das nicht fragen sondern handeln!
XD beste!
Qualcomm kann sogar verlangen dass bereits verkaufte Geräte zurückgerufen werden. Aber mach dir keine Sorgen, der Prozess soll nur ablenken.
Ich sag da nur… Jippie-Ja-Jeh, Schweinebacke xD
Habe die Beta davon seit längerem im Test und hab seit dem Zeitpunkt massive Akku Probleme; z.B. über Nacht im Flugmodus ohne Aktivitäten in 6 Stunden ca. 40% Akku verbraucht…und ja das Phänomen tritt seit mehreren Tag auf …
Entsprechende Meldung ging an Apple…..die US Foren sind leider voll von den Meldungen…..nervt mich langsam, dass es in jeder iOS Version immer wieder dieses Phänomen auftritt.
Kann bei mir dieses Problem mit Akkuverbrauch zum Glück nicht nachvollziehen.
Gestern Update auf die neue iOS Version und gleichzeitig Handy auf 100% geladen.
Nachdem ich es vom Stecker genommen habe hatte ich heute noch 93% Akku am morgen.
Sei froh.
das Problem habe ich auf einem iPhone7; ein Kumpel auf dem iPhone5s und ein anderer auf iPhone 8….