iPhone users are strongly advised to update immediately.
On Thursday, Apple released iOS 12.1.4, a patch for several security flaws including the FaceTime group chat vulnerability discovered by a 14-year-old. Also fixed are two zero-day vulnerabilities that had reportedly been actively exploited. All users are encouraged to install the update as soon as possible to secure their phones against these flaws.
Here�™s what iOS 12.1.4 patches:
Foundation zero-day vulnerability (CVE-2019-7286) �” A memory corruption issue affecting the Foundation framework allows apps to potentially gain elevated privileges. In other words, a malicious app intent on burrowing deeper into your device could use this route.
I/O Kit zero-day vulnerability (CVE-2019-7287) �” Another memory corruption issue, this time affecting objects in the I/O Kit framework, allows apps to potentially execute code with kernel privileges, another route for bad actors.
Group FaceTime call vulnerability (CVE-2019-6223) �”Famously discovered by 14-year-old Grant Thompson a couple of weeks ago, this flaw allows the initiator of a Group FaceTime call to cause the recipient�™s phone to answer without the recipient knowing, creating a very easy-to-use eavesdropping tool.
Each of these flaws poses a major security risk on its own, which is why Avast and cybersecurity experts everywhere are urging iOS users to install the update immediately. �œEvery vulnerability not patched is a back door ready for use by cybercriminals,” notes Avast security evangelist Luis Corrons. �œThat�™s why it is of the utmost importance to always update our devices.”
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.