fbpx

Share:

Google Security Researchers Say Hackers Exploited iOS Zero-Day Flaws Patched in iOS 12.1.4

Share:

Google security researchers said that two vulnerabilities patched in the latest iOS update were successfully exploited by hackers before they were known to Apple.

According to Project Zero team lead Ben Hawkes on Twitter (via ZDNet), Google security researchers revealed that two of the vulnerabilities patched by Apple on Thursday with the release of iOS 12.1.4 were zero-day flaws exploited in the wild by malicious actors.

iOS 12.1.4 resolves a total of four vulnerabilities. Two are related to the recently-discovered Group FaceTime spying bug, and the other two are memory corruption issues that allow a malicious application to elevate privileges and execute arbitrary code.

One of the flaws, CVE-2019-7286, impacts the Foundation component in iOS — “a base layer of functionality for apps and frameworks” — and it allows a malicious application to gain elevated privileges.

The second vulnerability, identified as CVE-2019-7287, impacts IOKit, which “implements non-kernel access to I/O Kit objects (drivers and nubs) through the device-interface mechanism,” and it can be exploited by a malicious app to execute arbitrary code with kernel privileges.



Apple‘s security log foriOS 12.1.4 credits “an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero” for the findings:

Foundation

  • Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
  • Impact: An application may be able to gain elevated privileges
  • Description: A memory corruption issue was addressed with improved input validation.

IOKit

  • Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed with improved input validation.

While iOS 12.1.4 is a minor update, Apple is preparing some new features and enhancements for the iOS 12.2 update. It’s a bigger update as it will come with new Animojis, a new AirPlay icon, improved HomeKit controls, and more.

Share: