Home UsersNewsSecurity

Google warns about attacks on iPhone users.

One of Google’s leading security experts, Ben Hawkes, warns cybercriminals using two 0-day iOS vulnerabilities in real-world attacks. The attacks were fixed before Apple released iOS 12.1.4. IPhone users are recommended to install the patch released yesterday.

The security problem was reported by the team leader in the Project Zero project. Ben Hawkes, however, did not clarify what circumstances are required for the successful exploitation of these vulnerabilities.

Vulnerabilities received identifiers CVE-2019-7286 and CVE-2019-7287. Hawkis reported on their exploitation in real attacks on Twitter:

 “CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://support.apple.com/en-us/HT209520) were exploited in the wild as 0day.”

At the moment, it is not clear what exactly these two gaps are used for – for attacks around the world that have no specific purpose, or for a coordinated cyber spy campaign.

According to Apple, CVE-2019-7286 affects the Foundation framework – one of the key components of the iOS operating system. The second, CVE-2019-72867, affects the I/O Kit. An attacker could use a malicious application and execute code with kernel privileges.

 At the moment, neither Google nor Apple have commented on these security issues.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published.

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button