Patch on Zero-Day Apple device

Recently, Apple have released a patch updates for Apple device that using the iOS and macOS Mojave where the vulnerabilities such as CVE-2019-7286 ( Privilege Escalation vulnerabilities) and CVE-2019-7287( I/O kit framework that only effect on iOS devices)



This vulnerabilities is an attacks on framework that related to both iOS and MacOS device where the bug on the privilege escalation. For your further reading, the viewer can read the CVE details on here


This vulnerabilities is only affected the user that used iOS device which is Iphone device. It is an vulnerabilities that only happen in the open-source I/O kit framework that related to source code. The attacker can exploit it by using arbitrary code execution. For your further reading, the viewer can read the CVE details on here

Vulnerabilities Details

A big thanks and the credit is given to who discovery of both bugs such as follows:

1) Clement Lecigne, Google Threat Analysis Group
2) Ian Beer,Google Project Zero
3) Samuel GroƟ,Google Project Zero
4) Anonymous researcher

KeySteal Controversy – Security Byte (Source: Youtube)


Apple have release the latest version of patch 12.1.4 after they release 12.1.3 a few weeks ago

iOS 12.1.4 is Out! – What’s New? (Source: Youtube)

Source: Apple patches two flaws reportedly exploited in zero-day attacks; also nixes FaceTime eavesdropping bug

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *