• Home
  • Mobiles
  • Mobiles News
  • iOS 12.1.4 Patches 2 Zero Day Vulnerabilities That ‘Were Exploited in the Wild’: Google Project Zero

iOS 12.1.4 Patches 2 Zero-Day Vulnerabilities That ‘Were Exploited in the Wild’: Google Project Zero

Share on Facebook Tweet Share Reddit Comment
iOS 12.1.4 Patches 2 Zero-Day Vulnerabilities That ‘Were Exploited in the Wild’: Google Project Zero

The CVE-2019-7286 and CVE-2019-7287 bugs are related to memory corruption issues

Highlights
  • The CVE-2019-7286 bug allows an app to gain elevated privileges
  • The iOS 12.1.4 update also patches the Group FaceTime bug
  • The update is now available for download for all iOS users

A Google security researcher on Thursday revealed that hackers have been spotted attempting to exploit two iOS vulnerabilities. Apple has patched the said vulnerabilities in iOS 12.1.4 update that was released late-yesterday, but the attacks are reportedly carried out before Apple had a chance to release the fixes. Such attacks are called zero-day exploits. It is unclear whether the attackers were successful in managing to breach the iOS devices or what were their intentions. The two iOS vulnerabilities in question carry CVE-2019-7286 and CVE-2019-7287 identifiers.

The news of the iOS zero-day exploits was revealed by Ben Hawkes, who leads Google's Project Zero team, on Twitter. He did not share any specifics though.

“CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (link) were exploited in the wild as 0day,” Hawkes wrote.

As per the Apple's advisory on iOS 12.1.4 update, both CVE-2019-7286 and CVE-2019-7287 bugs are related to memory corruption issues and were reported to the iPhone maker by Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, Samuel Groß of Google Project Zero, and an anonymous researcher. The CVE-2019-7286 bug allowed an application to gain elevated privileges in the operating system, whereas the CVE-2019-7287 let the apps execute arbitrary code with kernel privileges. Apple was able to patch both vulnerabilities by improving the input validation.

It is unlikely that we will ever know how these vulnerabilities by exploited by the hackers or who exploited them.

In addition to the two zero-day exploits, the iOS 12.1.4 update also includes a fix for the infamous Group Facetime bug that allows anyone to eavesdrop on the other persons in the call even though they had not answered the call. The update also included a fix for a bug related to Live Photos in FaceTime.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Gaurav Shukla Paranoid about online surveillance, Gaurav believes an artificial general intelligence is one day going to take over the world, or maybe not. He is a big ‘Person of Interest’ fan. More
Beyerdynamic Soul Byrd In-the-Ear Headphones Launched in India at Rs. 6,999
Fortnite Account Merge Feature Is Finally Live for PS4, Switch, and Xbox One

Related Stories

 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.