What is the threat?
Recently, Google’s Project Zero team reported a new zero-day vulnerability discovered in Apple’s iOS. They identified several malicious/fraudulent applications available for download in the app store. These applications leave iPhones susceptible to vulnerabilities that put the hardware’s framework at risk and can lead to memory corruption. Successful exploitation of these vulnerabilities could allow a malicious actor to gain escalated privileges on the victim’s device.
Why is this noteworthy?
Recent statistics indicate there are more than 700 million iPhone users worldwide; many of which could be vulnerable to this exploit if they do not address software updates as they are released.
What is the exposure or risk?
If an unauthorized party is able to escalate their privileges, they would have the ability to execute code and have full control of the device. This includes gaining access to sensitive data such as banking information, email and social accounts, contacts, and any other personal information an individual has stored on their device.
What are the recommendations?
SKOUT recommends following best security practices in continuously hardening and patching your systems as updates are made available. Apple has already released a new update which includes patches for this vulnerability. SKOUT recommends every iPhone user updates their devices to iOS version 12.1.4 or newer to avoid having their data breached.
For more in-depth information about the recommendations, please visit the following link:
If you have any questions, please contact our Secure Intelligence Center.