Published on: 08 February 2019
Last update on: 12 February 2019
Apple has released a security update in its latest iOS version 12.1.4 to fix 4 vulnerabilities identified in various iOS devices. These vulnerabilities could be exploited by enticing a user to open a specially crafted application or answer a Group FaceTime call.
Reports indicate that active exploitation of the vulnerabilities in Apple iOS (CVE-2019-7286 and CVE-2019-7287) has been observed. Users are advised to take immediate action to patch affected devices, since there is an elevated risk of cyber attacks exploiting these vulnerabilities.
A successful attack could lead to arbitrary code execution, escalation of privileges or information disclosure.
The product vendor has released iOS 12.1.4 to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://www.bankinfosecurity.com/apple-update-drop-everything-patch-ios-experts-warn-a-12013
https://www.zdnet.com/article/google-warns-about-two-ios-zero-days-exploited-in-the-wild/
https://www.bleepingcomputer.com/news/security/apple-patched-two-actively-exploited-zero-days-in-ios-1214/
https://support.apple.com/kb/HT209520
https://www.hkcert.org/my_url/en/alert/19020803
https://www.us-cert.gov/ncas/current-activity/2019/02/07/Apple-Releases-Multiple-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7286 (to CVE-2019-7288)