Two vulnerabilities that Apple patched in its latest iOS 12.1.4 update were successfully exploited by hackers before they were known to Apple, according to a top Google security engineer.
Ben Hawkes, team leader at Google's Project Zero security research group, revealed in a tweet that vulnerabilities identified as CVE-2019-7286 and CVE-2019-7287 in Apple's iOS 12.1.4 security change log had been exploited in the wild as "zero day".
A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting it.
As ZDNet notes, it's unclear under what circumstances the vulnerabilities were used, but one exploit involved the iOS Foundation component and a memory corruption issue that could allow an app to gain "elevated privileges" on an iPhone 5s and later, iPad Air and later, or iPod touch 6th generation. The second vulnerability potentially allowed for kernel privileges and affected the same devices.
CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://t.co/ZsIy8nxLvU) were exploited in the wild as 0day.
— Ben Hawkes (@benhawkes) February 7, 2019
Apple credited "an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero" for discovering both vulnerabilities.
Apple's iOS 12.1.4 update for the iPhone, iPad, and iPod touch, was principally designed to fix an insidious privacy-invading Group FaceTime bug discovered by a high school student that could be exploited to eavesdrop on conversations.
56 comments
Apple last week unveiled Project Catalyst, an initiative designed to allow developers to port their iPad apps to the Mac.
At the time, Apple named several partners, including Twitter, and today,...
Apple retail stores and the Apple online store are now carrying the Activ5, a fitness device designed by Activbody.
Described as a portable isometric-based strength training device with digital...
Apple and Madonna have teamed up to launch new Today at Apple Music Lab classes where attendees will go hands-on with Crave, a track from Madonna's latest album, and will be able to remix it.
...
Mattel's Hot Wheels brand is getting a major digital upgrade with the launch of the Hot Wheels Smart Track Kit, Race Portal, and Hot Wheels id vehicles, all of which are available exclusively...
Huawei today confirmed it is delaying the launch of its Mate X foldable smartphone from June to September for quality assurance purposes.
Huawei's Mate X
A spokesperson for Huawei said the...
As part of the deal allowing cable companies Comcast and Charter to sell iPhones for their respective mobile services, Apple has required them to also sell large numbers of other devices, reports...
Apple at the 2019 Worldwide Developers Conference introduced watchOS 6, the latest version of the software designed for the Apple Watch. watchOS 6 brings some notable improvements to watchOS,...
Apple today released a new macOS Mojave 10.14.5 Boot camp update, which is designed to address a bug that prevented the creation of a new Boot Camp partition on a iMac or Mac mini with a Fusion...
