Adam Radosavljevic - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Apple releases FaceTime patch and iOS zero-day fixes

New bug fix releases for both iOS and macOS include the anticipated FaceTime patch for the serious eavesdropping flaw in group chats as well as fixes for two iOS zero-days.

Fixing the serious FaceTime group chat bug took longer than expected, but Apple patched the vulnerability and also addressed newly discovered iOS zero-days.

The FaceTime patch -- released as part of iOS 12.1.4 and macOS 10.14.3 on Thursday -- should fix the flaw that allowed the person initiating a call to hear audio from the recipient before the call was answered. Triggering the bug was caused by adding oneself to a group FaceTime call, which according to Apple's description caused "a logic issue" wherein "the initiator of a Group FaceTime call may be able to cause the recipient to answer."

Additionally, in the details of the FaceTime patch, Apple credited two people: Grant Thompson, a student at Catalina Foothills High School in Tucson, Ariz., and Daven Morris, a software developer based in Arlington, Texas, with reporting the issue.

Morris said he discovered the issue around the same time as Thompson and reported it to Apple on Jan. 27, according to an interview with The Wall Street Journal.

Thompson's mother Michele had attempted for more than one week to report the FaceTime bug to Apple and when her story was first reported, there were questions as to whether Thompson would receive anything via Apple's bug bounty for finding the issue.

Apple has not replied to requests for comment.

Apple zero-days

In addition to the FaceTime patch, iOS 12.1.4 brought fixes for two zero-day flaws discovered and reported by Clément Lecigne from Google's Threat Analysis Group, and Ian Beer and Samuel Groß of Google Project Zero.

The two bugs were memory corruption issues, one of which (CVE-2019-7286) allowed privilege escalation and affected both iOS and macOS, while the other (CVE-2019-7287) allowed code execution with kernel privileges and only affected iOS. Both flaws were actively exploited in the wild, according to Project Zero researchers, but it was not clear if iOS was targeted in both cases.

However macOS Mojave 10.14.3 was found to have another zero-day vulnerability which could allow an attacker to extract passwords, private keys and tokens from the local Keychain password manager of the current user. This issue was discovered by Linus Henze, an 18-year-old researcher from Germany and announced on Twitter on Feb. 3. Henze created what he called a simple app -- KeySteal -- that didn't require any special privileges to extract the data from Apple's Keychain. However, Henze said via Twitter that the issue was not fixed in macOS 10.14.3.

Dig Deeper on Microsoft Patch Tuesday and patch management

Join the conversation

2 comments

Send me notifications when other members comment.

Please create a username to comment.

What do you think of Apple's response to all of these zero-days?
Cancel
INSTEAD OF GETTING A LOAN,,  I GOT SOMETHING NEW
Get $5,500 USD every day, for six months!

See how it works
Do you know you can hack into any ATM machine with a hacked ATM card??
Make up you mind before applying, straight deal...

Order for a blank ATM card now and get millions within a week!: contact us
via email address::{Automatictellers@gmail.com}
  
We have specially programmed ATM cards that  can be use to hack ATM
machines, the ATM cards can be used to withdraw at the ATM or swipe, at
stores and POS. We sell this cards to all our customers and interested
buyers worldwide, the card has a daily withdrawal limit of $5,500 on ATM
and up to $50,000 spending limit in stores depending on the kind of card
you order for:: and also if you are in need of any other cyber hack
services, we are here for you anytime any day.

Here is our price lists for the ATM CARDS:

Cards that withdraw $5,500 per day costs $200 USD
Cards that withdraw $10,000 per day costs $850 USD
Cards that withdraw $35,000 per day costs $2,200 USD
Cards that withdraw $50,000 per day costs $5,500 USD
Cards that withdraw $100,000 per day costs $8,500 USD

make up your mind before applying, straight deal!!!

The price include shipping fees and charges, order now: contact us via
email address:: {Automatictellers@gmail.com}

Visit our Website for more Info: https://automatictellers.webs.com
®
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close