Google has just issued a warning asking iOS users to upgrade to the just-released iOS 12.1.4. Senior security engineer Ben Hawkes took to Twitter to warn users that two security vulnerabilities patched in the new update were already being “exploited in the wild”. Hawkes stated that these two vulnerabilities were classified as ‘0day’, or zero-day, exploits. Zero-day exploits refer to problems or weaknesses in a system that have not been detected by the software maker and are already being used by cybercriminals.
Hawkes is the team leader of Project Zero, a security team at Google which hunts for zero-day exploits in software products. According to the tweet, the vulnerabilities Hawkes was referring to carry the identifiers “CVE-2019-7286” and “CVE-2019-7287”. He did not reveal any more details about when, where, or by whom these vulnerabilities were being exploited against iOS users.
As noted by ZDNet, the fix for “CVE-2019-7286” addresses a flaw in the Foundation framework of iOS, a core component of the operating system. Apple shared more information about the problem, adding that hackers could exploit “a memory corruption” in the framework with the help of a “malicious app” to get administrator rights and then control the device.
The second vulnerability, with the identifier “CVE-2019-7287”, is related to I/O Kit, an internal component that takes care of the input and output streams of data between the hardware and the software. The company stated that hackers can exploit this flaw by corrupting the memory of the framework with the help of a malicious app to run unauthorized code with kernel privileges, which is the highest level of access on any software system. iOS 12.1.4 also comes with a fix for the Group FaceTime security flaw, making the update considerably important for iOS users.