Google Security Researchers Say Hackers Exploited iOS Zero-Day Flaws Patched in iOS 12.1.4

5 years ago

Google security researchers said that two vulnerabilities patched in the latest iOS update were successfully exploited by hackers before they were known to Apple.

According to Project Zero team lead Ben Hawkes on Twitter (via ZDNet), Google security researchers revealed that two of the vulnerabilities patched by Apple on Thursday with the release of iOS 12.1.4 were zero-day flaws exploited in the wild by malicious actors.

iOS 12.1.4 resolves a total of four vulnerabilities. Two are related to the recently-discovered Group FaceTime spying bug, and the other two are memory corruption issues that allow a malicious application to elevate privileges and execute arbitrary code.

One of the flaws, CVE-2019-7286, impacts the Foundation component in iOS — “a base layer of functionality for apps and frameworks” — and it allows a malicious application to gain elevated privileges.

The second vulnerability, identified as CVE-2019-7287, impacts IOKit, which “implements non-kernel access to I/O Kit objects (drivers and nubs) through the device-interface mechanism,” and it can be exploited by a malicious app to execute arbitrary code with kernel privileges.

Apple‘s security log foriOS 12.1.4 credits “an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero” for the findings:

Foundation

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved input validation.

IOKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

While iOS 12.1.4 is a minor update, Apple is preparing some new features and enhancements for the iOS 12.2 update. It’s a bigger update as it will come with new Animojis, a new AirPlay icon, improved HomeKit controls, and more.

P.S. Help support us and independent media here: Buy us a beer, Buy us a coffee, or use our Amazon link to shop.

Other articles in the category: News

New on Crave: May 2024

Bell Media’s Crave has announced new shows and titles coming to the streaming service in May 2024. Highlights include the movie premiere of Expend4bles, another film from the action series featuring Sylvester Stallone and other action stars on May 10. Comedy series Hacks season three debuts on May 2, while the premiere of Pretty Little...

John Quintet

1 hour ago

Apple Unveils OpenELM AI Models for On-Device Use

Joining the likes of Google and Microsoft, Apple has launched OpenELM, a collection of open-source language models tailored for on-device operations.

Usman Qureshi

1 hour ago

ByteDance Confirms No Plans to Sell TikTok Amidst U.S. Ban Concerns

ByteDance, the parent company of TikTok, has firmly stated via its official account on Toutiao that it has no intentions to sell the video-sharing app.

Usman Qureshi

2 hours ago