Table of Contents
Apple has finally started rolling out the new iOS 12 to the compatible iPhones and iPhones today. The new iOS 12 comes with tons of new features and performance enhancements as per the iOS 12 changelog. The update is of 1.56GB in size if your device has iOS 11.4.1 but if you have the older version on your phone then this size might exceed 2GB. The users can not update their device via mobile networks and they have to connect to a wifi network to complete this update. The complete changelog of the update is available at the end of this post. You can download the update from your iOS device by navigating to settings>>general>>software update to update your device.
iOS 12 for iPhones
The new iOS 12 is available for the iPhone 5s and above including iPhone 5S, iPhone 6, iPhone 6 Plus, iPhone 6s, iPhone 6s Plus, iPhone SE, iPhone 7, iPhone 7 Plus, iPhone 8, iPhone 8 Plus and iPhone X while the new iPhone XS, iPhone XS Max, and iPhone XR will run iOS 12 out of the box. iPad Mini 2, 3 and 4, iPad Air, iPad Air 2, iPad 6th and 5th generation, Apple iPad Pro 12.9-inch first and second generation, iPad Pro in 9.7-inches and 10.5-inches and iPod Touch 6th generation are receiving the iOS 12 update. Here is the complete changelog, features and enhancements available from the Apple iOS 12 update screen:
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A local app may be able to read a persistent account identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2018-5383
Core Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4330
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An app may be able to learn information about the current camera view before being granted camera access
Description: A permissions issue existed. This issue was addressed with improved permission validation.
CVE-2018-4356
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4335
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved input validation.
CVE-2018-4305
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.
CVE-2018-4363
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A local user may be able to discover a user’s deleted messages
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions.
CVE-2018-4313
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A local user may be able to discover websites a user has visited
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.
CVE-2018-4313
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.
CVE-2018-4329
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A malicious website may be able to exfiltrate auto-filled data in Safari
Description: A logic issue was addressed with improved state management.
CVE-2018-4307
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2018-4362
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4338
New features in watchOS 5
iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.
CVE-2018-4363
Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has visited
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi – Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor’s University (WGU)
Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777
New features in tvOS 12
Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2018-5383
iTunes Store
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved input validation.
CVE-2018-4305
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.
CVE-2018-4363
Safari
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to discover websites a user has visited
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.
CVE-2018-4313
Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777