Firmware fixed not only FaceTime.
Thursday, 7 February, Apple released final version iOS 12.1.4 with fix for critical vulnerability FaceTime, which allows you to listen to iPhone users. But as it turned out, iOS 12.1.4 has other hidden innovations, which Apple omitted. Important changes of the iOS 12.1.4 today told the experts of the security group Google Project Zero.
In iOS 12.1.4 was fixed two critical vulnerabilities “zero day”. According to the staff of Project Zero, these vulnerabilities were not known to the public, but they were used by hackers.
The first vulnerability in the iOS platform Foundation allows attackers to exploit a bug with memory corruption to gain elevated privileges on the iPhone and iPad all models. The second vulnerability was discovered in the framework IOKit. Its use enabled the hackers to run on hacked devices arbitrary code with administrator rights.
In Project Zero said that the hackers who found the vulnerabilities used them. But, as is often the case with such a critical vulnerability, they never talked, not to attract Apple’s attention. However, Apple employees were able to find vulnerabilities and eliminate them quickly.