Yesterday afternoon, Spanish time, the Cupertino-based company released iOS 12.1.4, the long-awaited update that solved the FaceTime security issue found on iOS and that allowed the sender of a call, pick up automatically when adding a third person to it, so that Apple's servers are once again allowing group calls.
Per se, only between devices that are managed by iOS 12.1.4. If your device is not managed by that version, group calls through FaceTime are not available unless you upgrade. But it seems that this latest update, not only fixes the problem of calls, but also, according to a Google security engineer, fixes two 0-day vulnerabilities.
0-day vulnerabilities (zero day) are those that are present in applications or operating systems since they are available to the public without the developer having knowledge of it, so they have always been available to exploit, hence they are called 0-day (zero day).
If you had any doubts about whether or not to update to iOS 12.1.4, the presence of these two vulnerabilities is further proof that it is always advisable to update our operating system to the latest version available, both of the operating system that we use and of the applications.
Ben Hawker, the Google security engineer who has reported these two vulnerabilities, identified as CVE-2019-7286 and CVE-2019-7287, claims that the former allows a third party to use memory corruption to get elevated privileges.
The second one, allows an attacker execute arbitrary code with kernel privileges, due to the memory corruption issue above. Obviously, no more details have been given due to the importance of this type of vulnerability and that many devices have not yet been updated.
These security issues were detected by Google through the Project Zero platform, platform that is responsible for detecting security flaws in both applications and operating systems and previously informing those affected, giving them a period of 90 days to solve the problem before making it public.
