ios 12 iconTwo vulnerabilities that Apple patched in its latest iOS 12.1.4 update were successfully exploited by hackers before they were known to Apple, according to a top Google security engineer.

Ben Hawkes, team leader at Google's Project Zero security research group, revealed in a tweet that vulnerabilities identified as CVE-2019-7286 and CVE-2019-7287 in Apple's iOS 12.1.4 security change log had been exploited in the wild as "zero day".

A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting it.

As ZDNet notes, it's unclear under what circumstances the vulnerabilities were used, but one exploit involved the iOS Foundation component and a memory corruption issue that could allow an app to gain "elevated privileges" on an iPhone 5s and later, iPad Air and later, or iPod touch 6th generation. The second vulnerability potentially allowed for kernel privileges and affected the same devices.

Apple credited "an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero" for discovering both vulnerabilities.

Apple's iOS 12.1.4 update for the ‌iPhone‌, iPad, and iPod touch, was principally designed to fix an insidious privacy-invading Group FaceTime bug discovered by a high school student that could be exploited to eavesdrop on conversations.

Top Rated Comments

69Mustang Avatar
69Mustang
68 months ago
Wonder if this means the exploits are related to FaceTime again. Hopefully Apple fixes it ASAP.
Not related to FaceTime. Both were patched yesterday along with the FaceTime Bug. They were mentioned in yesterday's article. Just weren't credited or detailed. This article is just a follow up.
Score: 14 Votes (Like | Disagree)
ersan191 Avatar
ersan191
68 months ago
Apple’s security changelogs are like 50+% reported by project zero these days, kind of makes them look bad. Also makes you wonder how many unpatched vulnerabilities there are.
Score: 13 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
68 months ago
Apple’s security changelogs are like 50+% reported by project zero these days, kind of makes them look bad. Also makes you wonder how many unpatched vulnerabilities there are.
I don't think Apple looks bad at all. Project Zero is just good at what they do. I'm glad they are. As long as the exploits are found and fixed, generally speaking, I don't think anyone cares who found them. Apple would only look bad if they got news of an exploit, let it hit the 90 day window without action, and PZ disclosed. 'Til that happens...
Score: 7 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
68 months ago
.
My problem is Google is focused on finding flaws in Apple products but major flaws in their own products go unnoticed and are found by outside groups and remain unpatched. In some cases Google has just stopped supporting the devices instead of fixing it.
Project Zero isn't focused on finding flaws in Apple products. That's just flat out lying.
Score: 7 Votes (Like | Disagree)
Sasparilla Avatar
Sasparilla
68 months ago
Every hole in their OS's that Apple closes is a victory. It'd be better if these weren't being used as zero day's, but that is not the way real life in computer or smartphone OS's work (the bad guys are always finding some exploits to use / sell) - so good that Apple closed these as well. Keep it up Apple.
Score: 4 Votes (Like | Disagree)
luvbug Avatar
luvbug
68 months ago
Yikes! I better update my iPhone 4S and iPhone 5 to the latest patch.
It says "iPhone 5s AND LATER".
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article276 comments
Apple Silicon AI Optimized Feature Siri

Apple Releases Open Source AI Models That Run On-Device

Wednesday April 24, 2024 3:39 pm PDT by
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Read Full Article83 comments
Apple Vision Pro Dual Loop Band Orange Feature 2

Apple Cuts Vision Pro Shipments as Demand Falls 'Sharply Beyond Expectations'

Tuesday April 23, 2024 9:44 am PDT by
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Read Full Article416 comments
iPad And Calculator App Feature

Apple Finally Plans to Release a Calculator App for iPad Later This Year

Tuesday April 23, 2024 9:08 am PDT by
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Read Full Article222 comments
iOS 18 Siri Integrated Feature

iOS 18 Rumored to Add These 10 New Features to Your iPhone

Wednesday April 24, 2024 2:05 pm PDT by
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Read Full Article