On Tuesday, Apple sent users iOS 12.1.3, which fixes 31 vulnerabilities. Each of these gaps has been assigned the CVE identifier, but especially interesting were two: CVE-2019-6227 and CVE-2019-6225.
Both of these vulnerabilities were discovered by the expert of Qihoo 360, their peculiarity lies in the fact that the attackers used them in actual attacks, achieving code execution through FaceTime.
Such attacks required the user clicked on a malicious link. The attacker usually sought, wisely using social engineering.
In fact, the presence of gaps responsible for the bug in the iOS kernel, which also allows for the jailbreak of the affected device.
Experts have published a proof-of-concept (PoC) demonstrating a successful attack, as you can see by watching the video below:
In the iOS version 12.1.3 the vulnerability is eliminated.
Read more •••