Two vulnerabilities that Apple patched in its latest iOS 12.1.4 update were successfully exploited by hackers before they were known to Apple, according to a top Google security engineer.
Ben Hawkes, team leader at Google's Project Zero security research group, revealed in a tweet that vulnerabilities identified as CVE-2019-7286 and CVE-2019-7287 in Apple's iOS 12.1.4 security change log had been exploited in the wild as "zero day".
A zero-day vulnerability refers to a security hole in software that is unknown to the software developer and the public, although it may already be known by attackers who are quietly exploiting it.
As ZDNet notes, it's unclear under what circumstances the vulnerabilities were used, but one exploit involved the iOS Foundation component and a memory corruption issue that could allow an app to gain "elevated privileges" on an iPhone 5s and later, iPad Air and later, or iPod touch 6th generation. The second vulnerability potentially allowed for kernel privileges and affected the same devices.
CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://t.co/ZsIy8nxLvU) were exploited in the wild as 0day.
— Ben Hawkes (@benhawkes) February 7, 2019
Apple credited "an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero" for discovering both vulnerabilities.
Apple's iOS 12.1.4 update for the iPhone, iPad, and iPod touch, was principally designed to fix an insidious privacy-invading Group FaceTime bug discovered by a high school student that could be exploited to eavesdrop on conversations.
56 comments
Apple is delaying its plans to limit third-party tracking and ads in apps designed for children, reports The Washington Post.
The company's decision comes following an inquiry from The...
Amid word that Apple TV+ could launch in November priced at $9.99/month, MacRumors has discovered additional tidbits within recent betas of macOS Catalina that offer further insight into how the...
Apple today added 13 and 15-inch 2019 MacBook Pro models to its online store for refurbished products in the United States, offering the updated machines at a discount for the first time.
The...
Apple Arcade is set to launch this fall, providing iPhone, iPad, Mac, and Apple TV users with access to a library of over 100 games on a subscription basis, with no ads or additional in-app...
Apple's health team has faced a series of "high-profile departures" in the past year due to internal disagreements about direction, according to CNBC's Christina Farr, who cites...
Timed with the Apple Card launching widely in the United States today, Apple has announced that customers will now receive three percent Daily Cash when they use the Apple Card with Apple Pay for...
Apple Card, the Apple-branded credit card that Apple is launching in partnership with Goldman Sachs, is available for everyone in the U.S. starting today following a preview period that launched a...
Danske Bank, the largest bank in Denmark, today announced it now offers Apple Pay.
Apple Pay is now available to all Danske Bank personal and business customers in Denmark, Sweden, Finland, and...
