Apple has launched iOS 12.2 for the iPhone, iPad and iPod Touch. The update brings support for the new AirPods, Animoji options, AirPlay 2 and the freshly launched Apple News+, the tech giant’s news subscription service.
With iOS 12.2, Apple has also fixed more than 50 bugs affecting Apple devices, among which include a critical flaw in bad apps that could’ve let hackers take advantage of your microphone and listen in on or record your conversations.
Apple breaks down the complete list of iOS 12.2 security fixes on its website. The microphone vulnerability exists within ‘ReplayKit,’ which is commonly used by game developers to let users record video and audio from their iPhone screen to share with others.
The flaw, labeled as CVE-2019-8566, stems from an API issue related to the ‘handling of microphone data. It allowed malicious apps to access a user’s microphone without them knowing. This issue was addressed with improved validation Apple’s website reads.
Several of the resolved vulnerabilities existed in WebKit, the browser engine that is the backbone of iOS apps like Safari, Mail and the App Store. This issue stemmed from memory corruption that could lead to ‘arbitrary code execution via maliciously crafted web content’ distributed by hackers.
Another memory corrpution issue would let bad actors circumvent sandbox restrictions. Sandboxing is a computer security mechanism that separates apps from one another so that it an error occurs in one application, it won’t spread to others.
The WebKit flaws were serious enough that Alex Stamos, Facebook’s former chief security officer, urged users to update their devices to the latest mobile software. The U.S. National Cybersecurity and Communications Integration Center also advised Apple users to update their devices to avoid ‘vulnerabilities in multiple products.’
iOS 12.2 also resolves issues in Apple’s Feedback Assistant, an app that allows users to send feedback. The flaw would’ve allowed attackers to gain root privileges on a device, as well as ‘overwrite arbitrary files.’
READ ALSO:Apple's new AirPods have Siri built-in
Additionally, Apple fixed a bug in GeoServices, the geo-location data services component of iOS. The bug, labeled CVE-2019-8553, could lead to arbitrary code execution if users click on a malicious SMS link.
But the update isn’t limited to just bug fixes.
In iOS 12.2, Apple has launched Apple News+, its new news subscription service.
Apple News+, announced on Monday, gives users access to more than 300 magazine titles, as well as to content from top news publishers, for $9.99 a month.
Among the titles are People, National Geographic, Sports Illustrated and New York Magazine, along with content from the Los Angeles Times and the Wall Street Journal.
There’s also four new Animoji that can be sent as stickers, including a boar, giraffe, owl and shark, in addition to support for the second generation AirPods and AirPlay 2, which lets users stream videos, music and photos on smart TVs made by Samsung, LG, Sony and Vizio.