Apple has released iOS 12, its latest operating system for iPhone, iPad and iPod Touch users as it had promised and also released watchOS 5.0 for Apple Watch users. Announced at the WWDC in June this year, iOS 12 is compatible with iPhone 5s and later, all iPad Air and iPad Pro models, iPad 5th generation, iPad 6th generation, iPad mini 2 and later and iPod touch 6th generation.
The iOS 12 update brings Improved Performance, Siri Shortcuts, Memoji, Screen Time, Shared AR Experiences and more. Apple was supposed to introduce Group FaceTime support in iOS 12, but it was removed during the beta. It will release later this fall in a future iOS 12 update.
The watchOS 5 comes with an array of features like Walkie Talkie feature that lets you talk directly to family members using an Apple Watch. You can fire off a voice clip directly to another watch user with a tap of the wrist. The feature works over both WiFi and LTE. It has also released tvOS 12 for Apple TV that brings new Aerial Screensavers, Zero Sign-On, Dolby Atmos Support and more. Check out the complete changelog below.
New features in iOS 12
Accounts
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A local app may be able to read a persistent account identifier
Description: This issue was addressed with improved entitlements.
CVE-2018-4322
Bluetooth
Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2018-5383
Core Bluetooth
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2018-4330
CoreMedia
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An app may be able to learn information about the current camera view before being granted camera access
Description: A permissions issue existed. This issue was addressed with improved permission validation.
CVE-2018-4356
IOMobileFrameBuffer
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4335
iTunes Store
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved input validation.
CVE-2018-4305
Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.
CVE-2018-4363
Messages
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A local user may be able to discover a user’s deleted messages
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions.
CVE-2018-4313
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A local user may be able to discover websites a user has visited
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.
CVE-2018-4313
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A user may be unable to delete browsing history items
Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion.
CVE-2018-4329
Safari
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A malicious website may be able to exfiltrate autofilled data in Safari
Description: A logic issue was addressed with improved state management.
CVE-2018-4307
SafariViewController
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2018-4362
Security
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777
Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen
Description: A logic issue was addressed with improved restrictions.
CVE-2018-4325: Brian Adeloye
Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2018-4338
New features in watchOS 5
iTunes Store
Available for: Apple Watch Series 1 and later
Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved input validation.
CVE-2018-4305: Jerry Decime
Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.
CVE-2018-4363
Safari
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to discover websites a user has visited
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.
CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah Mürşide Özünenek Anadolu Lisesi – Ankara/Türkiye, Mehmet Ferit Daştan of Van Yüzüncü Yıl University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor’s University (WGU)
Security
Available for: Apple Watch Series 1 and later
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777
New features in tvOS 12
Bluetooth
Available for: Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation.
CVE-2018-5383
iTunes Store
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store
Description: An input validation issue was addressed with improved input validation.
CVE-2018-4305
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to read restricted memory
Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation.
CVE-2018-4363
Safari
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to discover websites a user has visited
Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots.
CVE-2018-4313
Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm
Description: This issue was addressed by removing RC4.
CVE-2016-1777