Apple fixed two zero-day exploits in addition to FaceTime bug with iOS 12.1.4 update

Apple faced a great deal of public criticism for missing a scary privacy-invading FaceTime bug that a 14-year-old actually discovered before the company’s cybersecurity experts, but interestingly enough, the other three vulnerabilities fixed with the latest iOS update made far fewer headlines.

While you may think that’s due to a lower severity level for issues relating to the Live Photos feature in FaceTime, the iOS Foundation framework, and the I/O Kit framework, Twitter user Ben Hawkes claims two of these lesser-known vulnerabilities were in fact “exploited in the wild as 0day.”

Mind you, Hawkes is not just some random guy making unsubstantiated accusations on social media: he works for Google as Project Zero team lead. The seasoned white hat hacker is basically in charge of finding precisely these types of zero-day vulnerabilities in both Google-developed and third-party software.

In other words, he knows exactly what he’s talking about, and if he says exploits were out in the wild, that definitely happened. What we don’t know just yet, and will probably never know, is the nature of these “0day” attacks.

By the way, that term is extremely generic, describing any sort of software vulnerability that remains unknown to said software’s developers for any period of time while hackers take advantage of it.

At the same time, Apple is as cryptic as always in “detailing” the issues fixed by iOS 12.1.4. The CVE-2019-7286 vulnerability is apparently a “memory corruption issue” that potentially allowed “an application to gain elevated privileges”, while a different “memory corruption issue”, referenced as CVE-2019-7287, opened the door for “an application to execute arbitrary code with kernel privileges.”

Both bugs sound serious, but as there’s no way to know what damage they may have caused and for how long, we should probably just focus on the best method to avoid them right now. If you haven’t updated your iPhone yet to regain access to Group FaceTime, this is an even better reason to switch to iOS version 12.1.4 as soon as possible.

6 Comments

1. Gryffin

Posts: 44; Member since: Dec 19, 2018

New version with new features and new bugs

2. IT-Engineer

Posts: 523; Member since: Feb 26, 2015

Yeah ain't that the truth

3. adecvat

Posts: 626; Member since: Nov 15, 2013

Fast as always. Not like others.

5. IT-Engineer

Posts: 523; Member since: Feb 26, 2015

Also full of bugs and security unlike the others.

4. blingblingthing

Posts: 897; Member since: Oct 23, 2012

I don't want anyone telling me about iOS as some OS which is perfectly secure. Anything can be broken, it's just a matter of time.

6. Leo_MC

Posts: 6710; Member since: Dec 02, 2011

Except one only has ~one month to break the iOS, after that the game is being reset and another month starts. By the time someone finds a way to hack some part of iOS, Apple has been releasing a few new versions.
