While you may think that’s due to a lower severity level for issues relating to the Live Photos feature in FaceTime, the iOS Foundation framework, and the I/O Kit framework, Twitter user Ben Hawkes claims two of these lesser-known vulnerabilities were in fact “exploited in the wild as 0day.”
Hawkes is not just some random guy making unsubstantiated accusations on social media, mind you, working for Google as Project Zero team lead. The seasoned white hat hacker is basically in charge of finding precisely these types of zero-day vulnerabilities in both Google-developed and third-party software.
In other words, he knows exactly what he’s talking about, and if he says exploits were out in the wild, that definitely happened. What we don’t know just yet and we will probably never know is the nature of these “0day” attacks.
By the way, that term is extremely generic, describing any sort of software vulnerability that is unknown to said software’s developers for any period of time while hackers take advantage of a security flaw.
At the same time, Apple is as cryptic as always in “detailing” the issues fixed by iOS 12.1.4. The CVE-2019-7286 vulnerability is apparently a “memory corruption issue” that potentially allowed “an application to gain elevated privileges”, with a different “memory corruption issue” referenced as CVE-2019-7287 as it opened the door for “an application to execute arbitrary code with kernel privileges.”
Both bugs sound serious, but as there’s no way to know what damage they may have caused and for how long, we should probably just focus on the best method to avoid them right now. If you haven’t updated your iPhone yet to regain access to Group FaceTime, this is an even better reason to switch to iOS version 12.1.4 as soon as possible.
Adrian, a mobile technology enthusiast since the Nokia 3310 era, has been a dynamic presence in the tech journalism field, contributing to Android Authority, Digital Trends, and Pocketnow before joining PhoneArena in 2018. His expertise spans across various platforms, with a particular fondness for the diversity of the Android ecosystem. Despite the challenges of balancing full-time parenthood with his work, Adrian's passion for tech trends, running, and movies keeps him energized. His commitment to mid-range smartphones has led to an eclectic collection of devices, saved from personal bankruptcy by his preference for 'adequate' over 'overpriced'.
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: