Apple yesterday released iOS 12.1.4 to fix that rather horrific FaceTime bug. I should also note that Apple also released a macOS Mojave update to do the same thing. And you should install them right now because the FaceTime bug is the least of your problems.
First of all Apple because it was caught with its pants down metaphorically speaking did a security audit to find out if there were any other issues that they should fix. After all, with the the existence of the FaceTime bug being out there, it was likely that people who look for security issues both good guys and bad guys would be looking for anything else that they could exploit. And based on the release notes of the iOS update and the macOS update, they found something. Specifically this:
Impact: A thorough security audit of the FaceTime service uncovered an issue with Live Photos
Description: The issue was addressed with improved validation on the FaceTime server.
CVE-2019-7288: Apple
What is the issue? Who knows. A search for the CVE that is mentioned brings up nothing that says what the issue was. But it was clearly serious enough that they had to fix it and limit the ability to capture Live Photos to updated iDevices and Macs.
The other bugs are far more serious. They were brought to the Apple’s attention by “an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero”:
- CVE-2019-7286 affects the Foundation framework and is a memory corruption issue that could be exploited by an app to gain elevated privileges
- CVE-2019-7287 affects the IOKit framework and is a memory corruption flaw that could be exploited by an app to execute arbitrary code with kernel privileges.
Given the fact that some big names in Google’s Threat Analysis Group and Project Zero are involved, these two security issues are serious. And that view is backed up by this tweet:
So who is Ben Hawkes and why should you care? Ben Hawkes is the team leader at Google’s Project Zero security team, He’s in a position to know how serious this is. Thus if he’s saying that exploits were already in the wild, you should take that seriously.
Thus, my advice is that you should update your iDevices and your Macs ASAP as there are clearly some serious holes that have been exploited that Apple has fixed in these updates. And while you’re at it, you should update the Shortcuts app as well as there were a couple of security issues fixed in that app as well. After all, you can’t be too secure.
Like this:
Like Loading...
Related
This entry was posted on February 8, 2019 at 9:48 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The Reason Why You Need To Update To iOS 12.1.4 And Install The macOS Mojave Update RIGHT NOW Goes Beyond The FaceTime Bug
Apple yesterday released iOS 12.1.4 to fix that rather horrific FaceTime bug. I should also note that Apple also released a macOS Mojave update to do the same thing. And you should install them right now because the FaceTime bug is the least of your problems.
First of all Apple because it was caught with its pants down metaphorically speaking did a security audit to find out if there were any other issues that they should fix. After all, with the the existence of the FaceTime bug being out there, it was likely that people who look for security issues both good guys and bad guys would be looking for anything else that they could exploit. And based on the release notes of the iOS update and the macOS update, they found something. Specifically this:
Impact: A thorough security audit of the FaceTime service uncovered an issue with Live Photos
Description: The issue was addressed with improved validation on the FaceTime server.
CVE-2019-7288: Apple
What is the issue? Who knows. A search for the CVE that is mentioned brings up nothing that says what the issue was. But it was clearly serious enough that they had to fix it and limit the ability to capture Live Photos to updated iDevices and Macs.
The other bugs are far more serious. They were brought to the Apple’s attention by “an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero”:
Given the fact that some big names in Google’s Threat Analysis Group and Project Zero are involved, these two security issues are serious. And that view is backed up by this tweet:
So who is Ben Hawkes and why should you care? Ben Hawkes is the team leader at Google’s Project Zero security team, He’s in a position to know how serious this is. Thus if he’s saying that exploits were already in the wild, you should take that seriously.
Thus, my advice is that you should update your iDevices and your Macs ASAP as there are clearly some serious holes that have been exploited that Apple has fixed in these updates. And while you’re at it, you should update the Shortcuts app as well as there were a couple of security issues fixed in that app as well. After all, you can’t be too secure.
Share this:
Like this:
Related
This entry was posted on February 8, 2019 at 9:48 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.