Two vulnerabilities patched in iOS 12.1.4 were exploited by hackers, Google researcher say...

Posted:
in iOS edited February 7
A pair of iOS bugs identified as resolved by Apple in its latest iOS 12.1.4 release were successfully exploited by hackers, according to a Google researcher who shared details of the zero-day vulnerabilities on Thursday.

Skull


Apple's latest iOS 12.1.4 release, issued earlier today, contains fixes for Foundation and IOKit flaws that, according to security researcher Ben Hawkes, were used to hack devices in the wild.

As noted by ZDNet, Hawkes, leader of Google's Project Zero security team, shared the revelation on Twitter late Thursday, saying the iOS bugs were leveraged as zero-day vulnerabilities.

How, exactly, the vulnerabilities were exploited and by whom is unknown.

Both bugs were detailed in Apple documentation detailing security changes delivered with the iOS 12.1.4 package.

Logged with the identifier CVE-2019-7286, the Foundation flaw involves a memory corruption issue that could allow an app to gain elevated privileges in iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. An anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero and Samuel Gro of Google Project Zero were credited with finding the flaw.

The second bug, identified as CVE-2019-7287, also involves a memory corruption, but instead of granting elevated privileges it allows an app to executive code with kernel privileges on iPhone 5s and later, iPad Air and later, and iPod touch 6th generation. The same researchers were credited with the find.

Apple released iOS 12.1.4 alongside a supplemental update to macOS Mojave to address the widely publicized FaceTime flaw that allowed interlopers to eavesdrop on Group FaceTime calls. The update also patched a Live Photos in FaceTime bug that was discovered after Apple conducted a "thorough security audit" of the service. Details of the Live Photos vulnerability have yet to be made public.

Comments

  • Reply 1 of 5
    Were these Google researchers and analysts hacking or reverse engineering iOS when they found these exploits? Also, why are they only complaining and going public now that the fix has been released?
    watto_cobra
  • Reply 2 of 5
    gatorguygatorguy Posts: 21,305member
    berndog said:
    Were these Google researchers and analysts hacking or reverse engineering iOS when they found these exploits? Also, why are they only complaining and going public now that the fix has been released?
    The article isn't entirely clear on this point but the flaws appear to have been reported to Apple by Google and of course the reason not to discuss it in public until now is because Apple hadn't yet fixed it. You should do a few minutes of reading about Project Zero and Google Threat Assessment. They've helped Apple close a whole lot of security holes, Microsoft too. 
    edited February 8 muthuk_vanalingamapple_badgerberndogbeowulfschmidtmaltz
  • Reply 3 of 5
    lkrupplkrupp Posts: 7,478member

    How, exactly, the vulnerabilities were exploited and by whom is unknown.

    Both bugs were detailed in Apple documentation detailing security changes delivered with the iOS 12.1.4 package.
    That’s the 64 Thousand Dollar Question.  Saying the bugs were exploited and explaining how are two different things. iOS is the Walled Garden so were apps downloaded from the App Store that did the exploit or were they confined to jailbroken iOS devices? 
    watto_cobra
  • Reply 4 of 5
    lkrupp said:

    How, exactly, the vulnerabilities were exploited and by whom is unknown.

    Both bugs were detailed in Apple documentation detailing security changes delivered with the iOS 12.1.4 package.
    That’s the 64 Thousand Dollar Question.  Saying the bugs were exploited and explaining how are two different things. iOS is the Walled Garden so were apps downloaded from the App Store that did the exploit or were they confined to jailbroken iOS devices? 
    Neither has to be the case: If the bugs are in iOS itself then *any* apps using the vulnerable code (if, for example, it’s in a library) have the potential to be the vector for exploitation. For example, if there is a security vulnerability in an image handling iOS library, any app that uses that library to deal with images can, if presented with a malicious image (let’s say hosted on a website), cause exploitation. I believe this has happened with both Safari and Messages in the past.
    gatorguydws-2watto_cobra
  • Reply 5 of 5
    taddtadd Posts: 122member
    lkrupp said:
    iOS is the Walled Garden so were apps downloaded from the App Store that did the exploit or were they confined to jailbroken iOS devices? 
    The vulnerability could also have been demonstrated using a developer application without the application ever having been submitted to the App Store.
Sign In or Register to comment.