Recently, Apple have released a patch updates for Apple device that using the iOS and macOS Mojave where the vulnerabilities such as CVE-2019-7286 ( Privilege Escalation vulnerabilities) and CVE-2019-7287( I/O kit framework that only effect on iOS devices)
Vulnerabilities
CVE-2019-7286
This vulnerabilities is an attacks on framework that related to both iOS and MacOS device where the bug on the privilege escalation. For your further reading, the viewer can read the CVE details on here
CVE-201907287
This vulnerabilities is only affected the user that used iOS device which is Iphone device. It is an vulnerabilities that only happen in the open-source I/O kit framework that related to source code. The attacker can exploit it by using arbitrary code execution. For your further reading, the viewer can read the CVE details on here
Vulnerabilities Details
A big thanks and the credit is given to who discovery of both bugs such as follows:
1) Clement Lecigne, Google Threat Analysis Group
2) Ian Beer,Google Project Zero
3) Samuel Groß,Google Project Zero
4) Anonymous researcher
KeySteal Controversy – Security Byte (Source: Youtube)
Recommendation
Apple have release the latest version of patch 12.1.4 after they release 12.1.3 a few weeks ago
iOS 12.1.4 is Out! – What’s New? (Source: Youtube)