Google discovered two serious vulnerabilities on iOS

Google 's Project Zero security team discovered two new security vulnerabilities of the zero-day vulnerability called CVE-2019-7286 and CVE-2019-7287 on iOS that allow hackers to exploit to take advantage of it. user.

Apple released the latest version of iOS operating system 12.1.4 last week to all users and confirmed the version of the operating system patched two serious security holes discovered by Google.

Specifically, Google's Project Zero security team has discovered two new security holes in the "zero-day" vulnerability called CVE-2019-7286 and CVE-2019-7287 on iOS that allow hackers. exploit to take advantage of users.

The iOS platform is a closed platform, so when an Apple vulnerability appears, it can be patched and there is no need to disclose details about them. Apple has yet to announce the extent and scope of attacks through these two vulnerabilities. However, the company said it completely patched the two vulnerabilities on iOS 12.1.4.

Google discovered two serious vulnerabilities on iOS Picture 1Google discovered two serious vulnerabilities on iOS Picture 1

On his personal Twitter page, security expert Ben Hawkes announced the new vulnerability, saying they existed and could have been exploited for a long time. And it wasn't until Google reported that these two vulnerabilities were known to Apple that it was difficult to find out which applications were exploiting them. However, it seems that previous applications taking advantage of this vulnerability have also been removed from Apple App Store by Apple.

The CVE-2019-7286 vulnerability affects a core component of the iOS operating system, the iOS Foundation Framework. If successful exploitation of this vulnerability, hackers can take control of memory and access user data easily.

Google discovered two serious vulnerabilities on iOS Picture 2Google discovered two serious vulnerabilities on iOS Picture 2

The second vulnerability, CVE-2019-72867, affects the I / O Kit module, an important component of iOS that handles data flows between hardware and software. Hackers can take advantage of memory errors to run custom code with the kernel's own privileges to access everything on the victim's phone.

Currently, these two serious security holes have been completely patched in iOS 12.1.4 version released a few days ago. To ensure safety and avoid becoming a victim of similar vulnerabilities, update your device immediately to the latest version.

4 ★ | 2 Vote