Apple iOS 12.1.4 released to fix Group FaceTime bug

Apple iOS 12.1.4 released to fix Group FaceTime bug

Apple recently came under public criticism for a critical FaceTime bug which allowed individuals to invade your privacy. Apple has quickly responded by releasing a fix which also appears to patch three other vulnerabilities on the iOS platform.

While the newly patched exploits didn't make the headlines like the FaceTime bug, Twitter user Ben Hawkes claims two of these lesser-known vulnerabilities were in fact “exploited in the wild as 0day.”

A "zero-day" attack is a generic term that describes any sort of software vulnerability that is unknown to said software’s developers for any period of time while hackers take advantage of a security flaw.

Ben Hawks is currently working for Google as the Project Zero team lead and is in charge of finding precisely these types of zero-day vulnerabilities in both Google-developed and third-party software.

Apple has been very vague in its details on the vulnerabilities, claiming that CVE-2019-7286 is apparently a “memory corruption issue” that potentially allowed “an application to gain elevated privileges”, while CVE-2019-7287 is referenced as a “memory corruption issue” as it opened the door for “an application to execute arbitrary code with kernel privileges.”

Unfortunately, it is not known what kind of damage these vulnerabilities could have caused users, it generally is recommended that you upgrade to the latest version of iOS as soon as possible.

Download Apple iOS 12.1.4

The iOS 12.1.4 update will be automatically pushed out to your iPhone, iPad or iPod Touch over-the-air (OTA) if you have automatic updates enabled. You can also manually update to the latest version of iOS on your compatible device under Settings > General > Software Update.

Advanced users can manually download the IPSW files and install it on your device using iTunes.

Download iOS 12.1.4 IPSW files

Post a Comment