On Thursday, Apple released iOS 12.1.4, a patch for several security flaws including the FaceTime group chat vulnerability discovered by a 14-year-old. Also fixed are two zero-day vulnerabilities that had reportedly been actively exploited. All users are encouraged to install the update as soon as possible to secure their phones against these flaws.
Here’s what iOS 12.1.4 patches:
Foundation zero-day vulnerability (CVE-2019-7286) — A memory corruption issue affecting the Foundation framework allows apps to potentially gain elevated privileges. In other words, a malicious app intent on burrowing deeper into your device could use this route.
I/O Kit zero-day vulnerability (CVE-2019-7287) — Another memory corruption issue, this time affecting objects in the I/O Kit framework, allows apps to potentially execute code with kernel privileges, another route for bad actors.
Group FaceTime call vulnerability (CVE-2019-6223) —Famously discovered by 14-year-old Grant Thompson a couple of weeks ago, this flaw allows the initiator of a Group FaceTime call to cause the recipient’s phone to answer without the recipient knowing, creating a very easy-to-use eavesdropping tool.
Each of these flaws poses a major security risk on its own, which is why Avast and cybersecurity experts everywhere are urging iOS users to install the update immediately. “Every vulnerability not patched is a back door ready for use by cybercriminals,” notes Avast security evangelist Luis Corrons. “That’s why it is of the utmost importance to always update our devices.”
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/apple-patches-three-major-flaws