Researchers at cybersecurity company Check Point have today shared details Vulnerability-related.DiscoverVulnerability of a vulnerability in DJI ’ s infrastructure that could have given hackers access to consumer and corporate user accounts , personal data , flight logs , photos , videos , and – if the user was flying with DJI ’ s FlightHub application – a live camera feed and map during missions . Check Point submitted a report Vulnerability-related.DiscoverVulnerability to DJI ’ s Bug Bounty Program , highlighting a process in which an attacker could have gained access to a user ’ s account through a vulnerability discovered Vulnerability-related.DiscoverVulnerability in the user identification process within DJI Forum . Check Point ’ s researchers found Vulnerability-related.DiscoverVulnerability that DJI ’ s various platforms used a token to identify registered users across different aspects of the customer experience . Hackers could plant malicious links that would compromise accounts within that framework . In a blog post outlining their investigation , Check Point explained the process of a possible exploit : The vulnerability was accessed through DJI Forum , an online forum DJI runs for discussions about its products . A user who logged into DJI Forum , then clicked a specially-planted malicious link , could have had his or her login credentials stolen Attack.Databreach to allow access to other DJI online assets : DJI ’ s web platform ( account , store , forum ) Cloud server data synced from DJI ’ s GO or GO 4 pilot apps DJI ’ s FlightHub ( centralized drone operations management platform ) We notified Vulnerability-related.DiscoverVulnerability DJI about this vulnerability in March 2018 and DJI responded Vulnerability-related.DiscoverVulnerability responsibly . The vulnerability has since been patched Vulnerability-related.PatchVulnerability . DJI classified Vulnerability-related.DiscoverVulnerability this vulnerability as high risk but low probability , and indicated there is no evidence this vulnerability was ever exploited Vulnerability-related.DiscoverVulnerability by anyone other than Check Point researchers . Check Point even made a Mission Impossible-style trailer for their findings , which is… interesting .

A pair of iOS bugs identified Vulnerability-related.DiscoverVulnerability as resolved Vulnerability-related.PatchVulnerability by Apple in its latest iOS 12.1.4 release were successfully exploited Vulnerability-related.DiscoverVulnerability by hackers , according to a Google researcher who shared details Vulnerability-related.DiscoverVulnerability of the zero-day vulnerabilities on Thursday . Apple 's latest iOS 12.1.4 release , issued Vulnerability-related.PatchVulnerability earlier today , contains fixes for Foundation and IOKit flaws that , according to security researcher Ben Hawkes , were used to hack devices in the wild . As noted by ZDNet , Hawkes , leader of Google 's Project Zero security team , shared the revelation Vulnerability-related.DiscoverVulnerability on Twitter late Thursday , saying Vulnerability-related.DiscoverVulnerability the iOS bugs were leveraged as zero-day vulnerabilities . How , exactly , the vulnerabilities were exploited Vulnerability-related.DiscoverVulnerability and by whom is unknown . Both bugs were detailed Vulnerability-related.DiscoverVulnerability in Apple documentation detailing security changes delivered Vulnerability-related.PatchVulnerability with the iOS 12.1.4 package . Logged with the identifier Vulnerability-related.DiscoverVulnerability CVE-2019-7286 , the Foundation flaw involves a memory corruption issue that could allow an app to gain elevated privileges in iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . An anonymous researcher , Clement Lecigne of Google Threat Analysis Group , Ian Beer of Google Project Zero and Samuel Grob of Google Project Zero were credited with finding Vulnerability-related.DiscoverVulnerability the flaw . The second bug , identified Vulnerability-related.DiscoverVulnerability as CVE-2019-7287 , also involves a memory corruption , but instead of granting elevated privileges it allows an app to executive code with kernel privileges on iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . The same researchers were credited with the find Vulnerability-related.DiscoverVulnerability . Apple released Vulnerability-related.PatchVulnerability iOS 12.1.4 alongside a supplemental update to macOS Mojave to address Vulnerability-related.PatchVulnerability the widely publicized FaceTime flaw that allowed interlopers to eavesdrop on Group FaceTime calls . The update also patched Vulnerability-related.PatchVulnerability a Live Photos in FaceTime bug that was discovered Vulnerability-related.DiscoverVulnerability after Apple conducted a `` thorough security audit '' of the service . Details of the Live Photos vulnerability have yet to be made public Vulnerability-related.DiscoverVulnerability .