Windows 10 News and info | Forum
Topic: Apple Patched Two Actively Exploited Zero-Days in iOS 12.1.4
javajolt
« on: February 09, 2019, 01:47:17 PM »

As revealed by Project Zero team lead Ben Hawkes on Twitter, Apple fixed two zero-day vulnerabilities which were being exploited in the wild before the release of the iOS 12.1.4 security update.

Zero-day (also known as 0day or 0-day) vulnerabilities are security vulnerabilities that are known to the software maker but do not yet have a patch, thus exposing vulnerable devices to potential attacks.

The first iOS zero-day vulnerability which was reported by Hawkes as actively exploited is being tracked as CVE-2019-7286 and, according to the iOS 12.1.4 security update, it impacts the Foundation framework, which provides "a base layer of functionality for apps and frameworks."

Quote
Foundation

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero


The second 0-day threat actors have been exploiting in the wild before Apple released iOS 12.1.4 affects the IOKit framework which "implements non-kernel access to I/O Kit objects (drivers and nubs) through the device-interface mechanism."

Quote
IOKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-7287: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero


Besides these two zero-day issues that were impacting devices running iOS 12.1.3, Apple also fixed the highly-publicized snooping issue present in FaceTime's group call feature which allowed users to initiate a group FaceTime call and listen in without the person answering the call or even being aware that their device's microphone was activated.

To add insult to injury, if one would try to mute the ringing using the power button, the camera would turn on, enabling the caller to also see the person on the other end.

iOS zero-days are expensive merchandise

These days zero-day vulnerabilities are highly sought after and they can bring a lot of money to security researchers willing to sell them to exploit acquisition platforms such as Zerodium.

Just as an example, these are the prices Zerodium is willing to currently pay for iOS/mobile zero-day exploits:

Quote
$2,000,000 - Apple iOS remote jailbreak (Zero Click) with persistence

$1,500,000 - Apple iOS remote jailbreak (One Click) with persistence

$1,000,000 - WhatsApp, iMessage, or SMS/MMS remote code execution

$500,000 - Chrome RCE + LPE (Android) including a sandbox escape

$500,000 - Safari + LPE (iOS) including a sandbox escape

$200,000 - Local privilege escalation to either kernel or root for Android or iOS

$100,000 - Local pin/passcode or Touch ID bypass for Android or iOS


BleepingComputer has reached out to Google and Ben Hawkes for more details but did not receive an answer prior to publication.

source