ios 12 iconTwo vulnerabilities that Apple patched in its latest iOS 12.1.4 update were successfully exploited by hackers before they were known to Apple, according to a top Google security engineer.

Ben Hawkes, team leader at Google's Project Zero security research group, revealed in a tweet that vulnerabilities identified as CVE-2019-7286 and CVE-2019-7287 in Apple's iOS 12.1.4 security change log had been exploited in the wild as "zero day".

A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting it.

As ZDNet notes, it's unclear under what circumstances the vulnerabilities were used, but one exploit involved the iOS Foundation component and a memory corruption issue that could allow an app to gain "elevated privileges" on an iPhone 5s and later, iPad Air and later, or iPod touch 6th generation. The second vulnerability potentially allowed for kernel privileges and affected the same devices.

Apple credited "an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero" for discovering both vulnerabilities.

Apple's iOS 12.1.4 update for the ‌iPhone‌, iPad, and iPod touch, was principally designed to fix an insidious privacy-invading Group FaceTime bug discovered by a high school student that could be exploited to eavesdrop on conversations.

Top Rated Comments

69Mustang Avatar
69Mustang
71 months ago
Wonder if this means the exploits are related to FaceTime again. Hopefully Apple fixes it ASAP.
Not related to FaceTime. Both were patched yesterday along with the FaceTime Bug. They were mentioned in yesterday's article. Just weren't credited or detailed. This article is just a follow up.
Score: 14 Votes (Like | Disagree)
ersan191 Avatar
ersan191
71 months ago
Apple’s security changelogs are like 50+% reported by project zero these days, kind of makes them look bad. Also makes you wonder how many unpatched vulnerabilities there are.
Score: 13 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
71 months ago
Apple’s security changelogs are like 50+% reported by project zero these days, kind of makes them look bad. Also makes you wonder how many unpatched vulnerabilities there are.
I don't think Apple looks bad at all. Project Zero is just good at what they do. I'm glad they are. As long as the exploits are found and fixed, generally speaking, I don't think anyone cares who found them. Apple would only look bad if they got news of an exploit, let it hit the 90 day window without action, and PZ disclosed. 'Til that happens...
Score: 7 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
71 months ago
.
My problem is Google is focused on finding flaws in Apple products but major flaws in their own products go unnoticed and are found by outside groups and remain unpatched. In some cases Google has just stopped supporting the devices instead of fixing it.
Project Zero isn't focused on finding flaws in Apple products. That's just flat out lying.
Score: 7 Votes (Like | Disagree)
Sasparilla Avatar
Sasparilla
71 months ago
Every hole in their OS's that Apple closes is a victory. It'd be better if these weren't being used as zero day's, but that is not the way real life in computer or smartphone OS's work (the bad guys are always finding some exploits to use / sell) - so good that Apple closed these as well. Keep it up Apple.
Score: 4 Votes (Like | Disagree)
luvbug Avatar
luvbug
71 months ago
Yikes! I better update my iPhone 4S and iPhone 5 to the latest patch.
It says "iPhone 5s AND LATER".
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Production Will Reportedly Begin Ramping Up in October

Tuesday July 23, 2024 2:00 pm PDT by
Following nearly two years of rumors about a fourth-generation iPhone SE, The Information today reported that Apple suppliers are finally planning to begin ramping up mass production of the device in October of this year. If accurate, that timeframe would mean that the next iPhone SE would not be announced alongside the iPhone 16 series in September, as expected. Instead, the report...
Read Full Article68 comments
iPhone 17 Plus Feature

iPhone 17 Lineup Specs Detail Display Upgrade and New High-End Model

Monday July 22, 2024 4:33 am PDT by
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Read Full Article160 comments
Generic iPhone 17 Feature With Full Width Dynamic Island

Kuo: Ultra-Thin iPhone 17 to Feature A19 Chip, Single Rear Camera, Semi-Titanium Frame, and More

Wednesday July 24, 2024 9:06 am PDT by
Apple supply chain analyst Ming-Chi Kuo today shared alleged specifications for a new ultra-thin iPhone 17 model rumored to launch next year. Kuo expects the device to be equipped with a 6.6-inch display with a current-size Dynamic Island, a standard A19 chip rather than an A19 Pro chip, a single rear camera, and an Apple-designed 5G chip. He also expects the device to have a...
Read Full Article162 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Less Than Two Months Away: Everything We Know

Thursday July 25, 2024 5:43 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article130 comments
icloud private relay outage

iCloud Private Relay Experiencing Outage

Thursday July 25, 2024 3:18 pm PDT by
Apple’s iCloud Private Relay service is down for some users, according to Apple’s System Status page. Apple says that the iCloud Private Relay service may be slow or unavailable. The outage started at 2:34 p.m. Eastern Time, but it does not appear to be affecting all iCloud users. Some impacted users are unable to browse the web without turning iCloud Private Relay off, while others are...
Read Full Article80 comments
iPhone 17 Plus Feature Purple

iPhone 17 Rumored to Feature Mechanical Aperture

Tuesday July 23, 2024 9:32 am PDT by
Apple is planning to release at least one iPhone 17 model next year with mechanical aperture, according to a report published today by The Information. The mechanical system would allow users to adjust the size of the iPhone 17's aperture, which refers to the opening of the camera lens through which light enters. All existing iPhone camera lenses have fixed apertures, but some Android...
Read Full Article60 comments