Apple iOS 18.2 Update: Apple has rolled out iOS 18.2 and iPadOS 18.2 updates, bringing crucial security fixes to its devices including iPhone XS and later models, as well as various iPad Pro, iPad Air, iPad and iPad mini generations.
According to Apple, these updates address a range of vulnerabilities, some of which could potentially expose users to significant risks.
The tech giant is refraining from releasing details about vulnerabilities until investigations are completed and patches are made available. Here's an overview of the major issues addressed in the latest update:
Data privacy risks
Multiple vulnerabilities in AppleMobileFileIntegrity have been fixed that could have allowed malicious applications to access sensitive information. According to the company, researchers Mickey Jin and Arsenii Kostromin, along with others, identified these flaws, highlighting potential risks to user privacy.
Similarly, a permissions issue in Crash Reporter has been fixed that prevents apps from accessing sensitive user data without proper authorization.
Kernel security improvements
Several kernel-related vulnerabilities have been fixed. One issue, identified by Joseph Ravichandran, involved a race condition that could lead to leakage of sensitive kernel states. Another kernel flaw could allow attackers to corrupt memory or cause unexpected system terminations. These vulnerabilities were addressed with improved validation and memory handling mechanisms.
Problems with WebKit and image processing
WebKit, the engine that powers Apple's Safari browser, was central to this update. Researchers have discovered multiple flaws in the processing of maliciously crafted web content, which can lead to memory corruption or process crashes. Apple has resolved these issues with improved memory handling and better controls.
Additionally, vulnerabilities in ImageIO and FontParser have been patched to prevent process memory from being released when processing maliciously crafted images or fonts.
Application rights management
Issues in libxpc allowed applications to escape sandbox restrictions or gain elevated privileges, posing significant risks to device security. Apple has implemented logical controls to mitigate these threats.
Various solutions
The update also fixed a Safari issue where adding websites to the Reading List while using Private Relay could reveal the user's original IP address. Additionally, improvements to VoiceOver ensure that attackers with physical access to a device cannot view notification contents from the lock screen.
Users are advised to install iOS 18.2 and iPadOS 18.2 immediately to protect their devices and personal data.