We already have ZombieLoad and now this?

Yes, this was released along with the ZombieLoad patches by Apple and 12.3 does have equally important fixes for vulnerabilities. iOS 12.3 has 42 fixes dealing with important security vulnerabilities, some of which are listed below:

  • Arbitrary code execution: Results in remote execution of unauthorized malicious code on the device.
  • Access to restricted memory: Results in access to critical system information.
  • Unexpected system termination or access to kernel memory: Results in shutdown of system or critical processes. Access to kernel memory (considered the central module of OS) can lead to corruption of kernel data.
  • Privacy-related: Results in unauthorized access of device users' PII (personally identifiable information)

 

Now let us look at the CVEs associated with these vulnerabilties. In case you want to know how MDM can help you, refer to this:

  • Arbitrary code execution (ACE)

    • CVE-2019-8593
    • CVE-2019-8585
    • CVE-2019-8605
    • CVE-2019-8613

  • Access to restricted memory

    • CVE-2019-8598
    • CVE-2019-8605

  • Unexpected system termination or read kernel memory

    • CVE-2019-8576
    • CVE-2019-8591

  • Privacy-related

    • CVE-2019-8599: Anyone with physical access to the device and can obtain the e-mail used for configuring iTunes
    • CVE-2019-8620: A device may be tracked via Wi-Fi MAC address.

How to fix these vulnerabilities?

Identifying devices running outdated OS versions

Firstly, you need to identify the devices running the vulnerable OS version. For example, if you want to identify all devices running iOS 11.2, follow the steps given below:

  • On your MDM server, click on Inventory from the top menu.
  • Go to the device list and verify if OS Version is available as one of the columns. If not click on the table icon, from the right menu and select OS Version from the list.
  • Once done, click on the search icon and then in the space provided below OS Version, type in 12.2, to get the devices running iOS 12.2.

Updating the device OS

The next step is to ensure the devices are running iOS 12.3 by associating an OS update policy. To create an OS update policy, follow the steps given below:

  • On the MDM server, click on Device Mgmt from the top menu and select Automate OS updates from the left menu.
  • Click on Create Policy and select iOS from the dropdown. Provide a policy name.
  • As the update needs to be on the device immediately, select the option immediately for Deploy OS Updates and also select the checkbox which forces OS updates on the devices. You can know more about scheduling and automating OS updates here.
  • Once done, distribute the policy to identified devices to ensure the devices get updated.