Author Topic: Apple Patched Two Actively Exploited Zero-Days in iOS 12.1.4

javajolt (Administrator)
« on: February 09, 2019, 01:47:17 PM »
As revealed by Project Zero team lead Ben Hawkes on Twitter, Apple fixed two zero-day vulnerabilities which were being exploited in the wild before the release of the iOS 12.1.4 security update.

Zero-day (also known as 0day or 0-day) vulnerabilities are security vulnerabilities that are known to the software maker but do not yet have a patch, thus exposing vulnerable devices to potential attacks.

The first iOS zero-day vulnerability that Hawkes reported as actively exploited is being tracked as CVE-2019-7286 and, according to the iOS 12.1.4 security update, it impacts the Foundation framework, which provides "a base layer of functionality for apps and frameworks."

Quote
Foundation

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero

The second 0-day that threat actors had been exploiting in the wild before Apple released iOS 12.1.4 affects the IOKit framework, which "implements non-kernel access to I/O Kit objects (drivers and nubs) through the device-interface mechanism."

Quote
IOKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-7287: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero

Besides these two zero-day issues that were impacting devices running iOS 12.1.3, Apple also fixed the highly publicized snooping issue present in FaceTime's group call feature, which allowed users to initiate a group FaceTime call and listen in without the person answering the call or even being aware that their device's microphone was activated.

To add insult to injury, if one tried to mute the ringing using the power button, the camera would turn on, enabling the caller to also see the person on the other end.

iOS zero-days are expensive merchandise

These days zero-day vulnerabilities are highly sought after and they can bring a lot of money to security researchers willing to sell them to exploit acquisition platforms such as Zerodium.

Just as an example, these are the prices Zerodium is currently willing to pay for iOS/mobile zero-day exploits:

Quote
$2,000,000 - Apple iOS remote jailbreak (Zero Click) with persistence

$1,500,000 - Apple iOS remote jailbreak (One Click) with persistence

$1,000,000 - WhatsApp, iMessage, or SMS/MMS remote code execution

$500,000 - Chrome RCE + LPE (Android) including a sandbox escape

$500,000 - Safari + LPE (iOS) including a sandbox escape

$200,000 - Local privilege escalation to either kernel or root for Android or iOS

$100,000 - Local pin/passcode or Touch ID bypass for Android or iOS

BleepingComputer has reached out to Google and Ben Hawkes for more details but did not receive an answer prior to publication.
