Google discovered two serious vulnerabilities on iOS
Apple released the latest version of iOS operating system 12.1.4 last week to all users and confirmed the version of the operating system patched two serious security holes discovered by Google.
Specifically, Google's Project Zero security team has discovered two new security holes in the "zero-day" vulnerability called CVE-2019-7286 and CVE-2019-7287 on iOS that allow hackers. exploit to take advantage of users.
The iOS platform is a closed platform, so when an Apple vulnerability appears, it can be patched and there is no need to disclose details about them. Apple has yet to announce the extent and scope of attacks through these two vulnerabilities. However, the company said it completely patched the two vulnerabilities on iOS 12.1.4.
On his personal Twitter page, security expert Ben Hawkes announced the new vulnerability, saying they existed and could have been exploited for a long time. And it wasn't until Google reported that these two vulnerabilities were known to Apple that it was difficult to find out which applications were exploiting them. However, it seems that previous applications taking advantage of this vulnerability have also been removed from Apple App Store by Apple.
The CVE-2019-7286 vulnerability affects a core component of the iOS operating system, the iOS Foundation Framework. If successful exploitation of this vulnerability, hackers can take control of memory and access user data easily.
The second vulnerability, CVE-2019-72867, affects the I / O Kit module, an important component of iOS that handles data flows between hardware and software. Hackers can take advantage of memory errors to run custom code with the kernel's own privileges to access everything on the victim's phone.
Currently, these two serious security holes have been completely patched in iOS 12.1.4 version released a few days ago. To ensure safety and avoid becoming a victim of similar vulnerabilities, update your device immediately to the latest version.
You should read it
- Detecting a new Linux vulnerability allows hackers to gain control of the VPN connection
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
- AMD CPUs also have security vulnerabilities that have existed for many years now!
- Google warns of a vulnerability that allows Android smartphones to be attacked with just a phone number
- Detecting WhatsApp flaws allows an attacker to access files on the machine
- 12-year vulnerability in pkexec gives hackers root privileges on Linux
- Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stick
- Detected a serious BIOS vulnerability, affecting many Intel processors
- Immediately patch CWP vulnerability that allows code execution as root on Linux servers
- New vulnerability on MediaTek chip makes 30% of Android smartphones can be eavesdropped
Maybe you are interested
How to Fix RCS Not Working on iOS 18
Here are all the new features coming to Apple CarPlay on iOS 18
How to View Recalled Messages on Messenger on PC, Android, iOS
AMD Ryzen Users Should Install This BIOS Update for a Free Performance Boost
How to run iOS emulator on PC quickly and simply
How to use new features in Apple Maps on iOS 18