News

iOS 12.1.4 Update Now Available – Fixes Group FaceTime and Newly Discovered Live Photos Vulnerabilities

Apple on Thursday released iOS 12.1.4, an update for iPhone, iPad, and iPod touch devices that fixes the Group FaceTime bug that allowed a FaceTime caller to monitor audio and video from a call recipient, even if they did not accept the FaceTime call.

The update also fixes a privacy bug found when a security audit of the FaceTime service uncovered an issue with Live Photos.

The new iOS 12.1.4 software can be downloaded to all compatible devices over-the-air by going to “Settings” -> “General” -> “Software Update” and following the prompts.

Apple’s release notes list the following fixes in iOS 12.1.4:

iOS 12.1.4

Released February 7, 2019

FaceTime

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer

Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.

CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX

Foundation

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to gain elevated privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero

IOKit

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-7287: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero

Live Photos in FaceTime

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: A thorough security audit of the FaceTime service uncovered an issue with Live Photos 

Description: The issue was addressed with improved validation on the FaceTime server. 

CVE-2019-7288: Apple

Chris Hauk

Chris is a Senior Editor at Mactrast. He lives somewhere in the deep Southern part of America, and yes, he has to pump in both sunshine and the Internet.