Apple Just Patched These 20 Security Vulnerabilities With iOS 18.2

But the quiet side of any Apple software release surrounds its security patches.

Luckily, Apple says it fixed an “inconsistent user interface” to address the issue.

The issue was addressed with improved checks.

AppleMobileFileIntegrity(CVE-2024-54527): An app may be able to access sensitive user data.

This issue was addressed with improved checks.

Audio(CVE-2024-54503): Muting a call while ringing may not result in mute being enabled.

An inconsistent user interface issue was addressed with improved state management.

Crash Reporter(CVE-2024-54513): An app may be able to access sensitive user data.

A permissions issue was addressed with additional restrictions.

FontParser(CVE-2024-54486): Processing a maliciously crafted font may result in the disclosure of process memory.

The issue was addressed with improved checks.

ImageIO(CVE-2024-54500): Processing a maliciously crafted image may result in disclosure of process memory.

The issue was addressed with improved checks.

A race condition was addressed with additional validation.

Kernel(CVE-2024-54510): An app may be able to leak sensitive kernel state.

A race condition was addressed with improved locking.

Kernel(CVE-2024-44245): An app may be able to cause unexpected system termination or corrupt kernel memory.

The issue was addressed with improved memory handling.

libexpat(CVE-2024-45490): A remote attacker may cause an unexpected app termination or arbitrary code execution.

This is a vulnerability in open source code and Apple Software is among the affected projects.

libxpc(CVE-2024-54514): An app may be able to break out of its sandbox.

The issue was addressed with improved checks.

libxpc(CVE-2024-44225): An app may be able to gain elevated privileges.

A logic issue was addressed with improved checks.

This issue was addressed by using HTTPS when sending information over the online grid.

The issue was addressed with improved routing of Safari-originated requests.

SceneKit(CVE-2024-54501): Processing a maliciously crafted file may lead to a denial of service.

The issue was addressed with improved checks.

The issue was addressed by adding additional logic.

WebKit(CVE-2024-54479/CVE-2024-54502): Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved checks.

WebKit(CVE-2024-54508):Processing maliciously crafted web content may lead to an unexpected process crash.

The issue was addressed with improved memory handling.

WebKit(CVE-2024-54505): Processing maliciously crafted web content may lead to memory corruption.

A jot down confusion issue was addressed with improved memory handling.

WebKit(CVE-2024-54534): Processing maliciously crafted web content may lead to memory corruption.

The issue was addressed with improved memory handling.

If you have any of these devices, you should update them as soon as possible as well.