Google Security Researchers Say Hackers Exploited iOS Zero-Day Flaws Patched in iOS 12.1.4 - iphone ipad mac android Blogs
googletag.cmd.push(function() { googletag.display('div-gpt-ad-1457398515347-2'); });
According to Project Zero team lead Ben Hawkes on Twitter (via ZDNet), Google security researchers revealed that two of the vulnerabilities patched by Apple on Thursday with the release of iOS 12.1.4 were zero-day flaws exploited in the wild by malicious actors.
iOS 12.1.4 resolves a total of four vulnerabilities. Two are related to the recently-discovered Group FaceTime spying bug, and the other two are memory corruption issues that allow a malicious application to elevate privileges and execute arbitrary code.
One of the flaws, CVE-2019-7286, impacts the Foundation component in iOS ? ?a base layer of functionality for apps and frameworks? ? and it allows a malicious application to gain elevated privileges.
The second vulnerability, identified as CVE-2019-7287, impacts IOKit, which ?implements non-kernel access to I/O Kit objects (drivers and nubs) through the device-interface mechanism,? and it can be exploited by a malicious app to execute arbitrary code with kernel privileges.
(adsbygoogle = window.adsbygoogle || []).push({});
Apple?s security log foriOS 12.1.4 credits ?an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero? for the findings:
Foundation
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved input validation.
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue w...