Two vulnerabilities that Apple patched in its latest iOS 12.1.4 update were successfully exploited by hackers before they were known to Apple, according to a top Google security engineer.
Ben Hawkes, team leader at Google's Project Zero security research group, revealed in a tweet that vulnerabilities identified as CVE-2019-7286 and CVE-2019-7287 in Apple's iOS 12.1.4 security change log had been exploited in the wild as "zero day".
A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting it.
As ZDNet notes, it's unclear under what circumstances the vulnerabilities were used, but one exploit involved the iOS Foundation component and a memory corruption issue that could allow an app to gain "elevated privileges" on an iPhone 5s and later, iPad Air and later, or iPod touch 6th generation. The second vulnerability potentially allowed for kernel privileges and affected the same devices.
CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://t.co/ZsIy8nxLvU) were exploited in the wild as 0day.
— Ben Hawkes (@benhawkes) February 7, 2019
Apple credited "an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero" for discovering both vulnerabilities.
Apple's iOS 12.1.4 update for the iPhone, iPad, and iPod touch, was principally designed to fix an insidious privacy-invading Group FaceTime bug discovered by a high school student that could be exploited to eavesdrop on conversations.
56 comments
With the new 2019 Mac Pro now available for purchase, Apple has begun sharing support documents and tutorial videos covering the new high-end machine that's designed for professional users.
...
Apple's new Pro Display XDR comes with an optional nano-texture glass, which is etched at the nanometer level to cut down on reflectivity and glare for a matte look.
The nano-texture glass...
There was a serious AirDrop bug in iOS 13.2.3 that let attackers overwhelm nearby iPhones with files, causing them to lock up, reports TechCrunch. Apple addressed the bug in the iOS 13.3 update, and...
Ahead of the release of the Mac Pro and Pro Display XDR, Apple gave several of the machines to prominent tech YouTubers to test out, and their first impressions, overviews, and unboxings of the Mac...
Executives from Apple and Facebook were grilled over their encryption policies in a U.S. Senate Judiciary Committee hearing, with senators threatening encryption regulation.
According to...
Apple today released the Mac Pro, its high-end modular desktop machine designed for professional users. While the base Mac Pro machine is priced starting at $5,999, there are many other upgrade...
Along with the new Mac Pro and Pro Display XDR, Apple has added a variety of related accessories to its online store.
The new Mac Pro accessories include Apple's Afterburner card,...
Apple today released macOS Catalina 10.15.2, the second update to the macOS Catalina operating system that was originally released in October. macOS Catalina 10.15.2 comes over a month after the...
