• Home
  • Mobiles
  • Mobiles News
  • iOS 12.1.4 Patches 2 Zero Day Vulnerabilities That ‘Were Exploited in the Wild’: Google Project Zero

iOS 12.1.4 Patches 2 Zero-Day Vulnerabilities That ‘Were Exploited in the Wild’: Google Project Zero

iOS 12.1.4 Patches 2 Zero-Day Vulnerabilities That ‘Were Exploited in the Wild’: Google Project Zero

The CVE-2019-7286 and CVE-2019-7287 bugs are related to memory corruption issues

Highlights
  • The CVE-2019-7286 bug allows an app to gain elevated privileges
  • The iOS 12.1.4 update also patches the Group FaceTime bug
  • The update is now available for download for all iOS users
Advertisement

A Google security researcher on Thursday revealed that hackers have been spotted attempting to exploit two iOS vulnerabilities. Apple has patched the said vulnerabilities in iOS 12.1.4 update that was released late-yesterday, but the attacks are reportedly carried out before Apple had a chance to release the fixes. Such attacks are called zero-day exploits. It is unclear whether the attackers were successful in managing to breach the iOS devices or what were their intentions. The two iOS vulnerabilities in question carry CVE-2019-7286 and CVE-2019-7287 identifiers.

The news of the iOS zero-day exploits was revealed by Ben Hawkes, who leads Google's Project Zero team, on Twitter. He did not share any specifics though.

“CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (link) were exploited in the wild as 0day,” Hawkes wrote.

As per the Apple's advisory on iOS 12.1.4 update, both CVE-2019-7286 and CVE-2019-7287 bugs are related to memory corruption issues and were reported to the iPhone maker by Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, Samuel Groß of Google Project Zero, and an anonymous researcher. The CVE-2019-7286 bug allowed an application to gain elevated privileges in the operating system, whereas the CVE-2019-7287 let the apps execute arbitrary code with kernel privileges. Apple was able to patch both vulnerabilities by improving the input validation.

It is unlikely that we will ever know how these vulnerabilities by exploited by the hackers or who exploited them.

In addition to the two zero-day exploits, the iOS 12.1.4 update also includes a fix for the infamous Group Facetime bug that allows anyone to eavesdrop on the other persons in the call even though they had not answered the call. The update also included a fix for a bug related to Live Photos in FaceTime.

Comments

For details of the latest launches and news from Samsung, Xiaomi, Realme, OnePlus, Oppo and other companies at the Mobile World Congress in Barcelona, visit our MWC 2024 hub.

Beyerdynamic Soul Byrd In-the-Ear Headphones Launched in India at Rs. 6,999
Fortnite Account Merge Feature Is Finally Live for PS4, Switch, and Xbox One
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »