Apple released iOS 12.1.4 with fixes security vulnerabilities including Zero Days and Facetime Bug.
A Google security researchers have discovered that the hackers have been launched attacks against iPhone users by using two iOS Vulnerabilities.
These attacks were happened before Apple release iOS 12.1.4 today, by mean Zero Day Vulnerabilities.
According to Twitter account handling named Ben Hawkes tweeted
CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://t.co/ZsIy8nxLvU) were exploited in the wild as 0day.
— Ben Hawkes (@benhawkes) February 7, 2019
The two Zero-day named CVE’s as of CVE-2019-7286 and CVE-2019-7287, whereas Apple given credit to Google security researchers, which is available for iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.
According to Apple iOS,
- CVE-2019-7286:
The impact of the vulnerability is an application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved input validation.
- CVE-2019-7287:
The impact of the vulnerability is an application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
Apple recommend to iPhone users to update their devices to iOS 12.1.4
Apple also fixes FaceTime Bug that allowed users to eavesdrop on other group Facetime calls.
- FaceTime Bug Resolved CVE-2019-6223
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.
- Live Photos in FaceTime CVE-2019-7288
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A thorough security audit of the FaceTime service uncovered an issue with Live Photos
Description: The issue was addressed with improved validation on the FaceTime server.
How To Update?
You can update your iPhone, iPad, or iPod touch to the latest version of iOS wirelessly. If you can’t see the update on your device, you can update manually using iTunes.
Plug your device into power and connect to the Internet with Wi-Fi.
Tap your device Settings > General > Software Update.