Earlier this week, Apple released iOS version 12.1.4, which fixed the group FaceTime bug that allowed iPhone users to listen in on conversations of their friends even when they had not received the call. But the FaceTime bug was not the only security vulnerability that the software update fixed. It also fixed two other exploits that left iOS users vulnerable to hackers.
According to Ben Hawkes, who is the lead of Google’s elite Project Zero team, the two vulnerabilities that the latest iOS update fixed “were exploited in the wild” by hackers. And while Apple did release the software update to fix the exploit, it didn’t release the security update before hackers could get a chance to misuse these vulnerabilities – something that security experts call a ‘zero day’.
“CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://support.apple.com/en-us/HT209520 ) were exploited in the wild as 0day,” Hawkes wrote in a tweet.
As Apple noted in its support page for the security content of iOS 12.1.4, one of the two security vulnerabilities, CVE-2019-7286, affected the Foundation of iOS and could allow a hacker to gain elevated privileges in iOS. The other vulnerability, CVE-2019-7287, could allow malicious actors to execute arbitrary code with kernel privileges.
The Cupertino, California-based company has credited an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero for finding both the vulnerabilities.
Notably, Apple’s iOS security update, iOS 12.1.4, not only fixes the infamous FaceTime bug, which had forced the company to disable the group FaceTime feature on the server side after the hack was discovered last week, but also fixes another key vulnerability in the Live Photos feature of the FaceTime app. While Apple didn’t give out details as to what exactly the issue with the Live Photos feature was, the company, in its support page, noted that the issue had been fixed “with improved validation on the FaceTime server.”