Patch on Zero-Day Apple device

Recently, Apple have released a patch updates for Apple device that using the iOS and macOS Mojave where the vulnerabilities such as CVE-2019-7286 ( Privilege Escalation vulnerabilities) and CVE-2019-7287( I/O kit framework that only effect on iOS devices)

Vulnerabilities

CVE-2019-7286

This vulnerabilities is an attacks on framework that related to both iOS and MacOS device where the bug on the privilege escalation. For your further reading, the viewer can read the CVE details on here

CVE-201907287

This vulnerabilities is only affected the user that used iOS device which is Iphone device. It is an vulnerabilities that only happen in the open-source I/O kit framework that related to source code. The attacker can exploit it by using arbitrary code execution. For your further reading, the viewer can read the CVE details on here

Vulnerabilities Details

A big thanks and the credit is given to who discovery of both bugs such as follows:

1) Clement Lecigne, Google Threat Analysis Group
2) Ian Beer,Google Project Zero
3) Samuel GroƟ,Google Project Zero
4) Anonymous researcher


KeySteal Controversy – Security Byte (Source: Youtube)

Recommendation

Apple have release the latest version of patch 12.1.4 after they release 12.1.3 a few weeks ago


iOS 12.1.4 is Out! – What’s New? (Source: Youtube)

Source: Apple patches two flaws reportedly exploited in zero-day attacks; also nixes FaceTime eavesdropping bug

Author: Wan Ariff

Leave a Reply

Your email address will not be published. Required fields are marked *