Apple Fixes Zero-Day Exploits with Release of iOS 12.1.4

[cageymaru]

Apple has released iOS 12.1.4 and it fixes two zero-day exploits that had been abused by hackers. According to Google Project Zero team lead, Ben Hawkes, "CVE-2019-7286 and CVE-2019-7287 were exploited in the wild as 0day." CVE-2019-7286 allowed hackers to gain elevated privileges by using a malicious app to exploit a memory corruption bug. CVE-2019-7287 allowed a malicious app to exploit a memory corruption bug to execute arbitrary code with kernel privileges. Apple credited multiple Google members for reporting the exploits.

iPhone users are advised to update their devices to iOS 12.1.4 as soon as possible. This release also fixes the infamous FaceTime bug that allowed users to eavesdrop on others using group FaceTime calls.

 

[BloodyIron]

And what about those exploits for MacOS that don't have a bounty program?

 

[WBurchnall]

Ah, how nice of Google to work to fix their competitors broken software. Not everyday you see that kind of cooperation.

 

[WBurchnall]

And what about those exploits for MacOS that don't have a bounty program?

Simple. MacOS comes with no exploits
Nope, not one. It does come with zero day bonus features.

 

[Nolan7689]

Ah, how nice of Google to work to fix their competitors broken software. Not everyday you see that kind of cooperation.

Take your rhetoric somewhere else. No software is written perfectly, and bugs and exploits are found by all sorts of people regardless of their current careers or the software they’re looking at.

 

[trparky]

Take your rhetoric somewhere else. No software is written perfectly, and bugs and exploits are found by all sorts of people regardless of their current careers or the software they’re looking at.

Exactly. Meanwhile Android has this humdinger of an exploit. You don't even need to load an app, just visit a web site and... p0wned. Luckily if you have a newer version of Android you're safe.