As revealed by Project Zero team lead Ben Hawkes on Twitter, Apple fixed two zero-day vulnerabilities which were being exploited in the wild before the release of the iOS 12.1.4 security update.
Zero-day (also known as 0day or 0-day) vulnerabilities are security vulnerabilities that are known to the software maker but do not yet have a patch, thus exposing vulnerable devices to potential attacks.
CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://t.co/ZsIy8nxLvU) were exploited in the wild as 0day.
— Ben Hawkes (@benhawkes) February 7, 2019
The first iOS zero-day vulnerability reported by Hawkes as actively exploited is tracked as CVE-2019-7286 and, according to the iOS 12.1.4 security update, it impacts the Foundation framework, which provides "a base layer of functionality for apps and frameworks."
Foundation
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero

The second 0-day that threat actors had been exploiting in the wild before Apple released iOS 12.1.4 affects the IOKit framework, which "implements non-kernel access to I/O Kit objects (drivers and nubs) through the device-interface mechanism."
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-7287: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero

Besides these two zero-day issues that were impacting devices running iOS 12.1.3, Apple also fixed the highly-publicized snooping issue present in FaceTime's group call feature, which allowed users to initiate a group FaceTime call and listen in without the person answering the call or even being aware that their device's microphone was activated.
To add insult to injury, if one tried to mute the ringing using the power button, the camera would turn on, enabling the caller to also see the person on the other end.
iOS zero-days are expensive merchandise

These days zero-day vulnerabilities are highly sought after and they can bring a lot of money to security researchers willing to sell them to exploit acquisition platforms such as Zerodium.
Just as an example, these are the prices Zerodium is currently willing to pay for iOS/mobile zero-day exploits:
$2,000,000 - Apple iOS remote jailbreak (Zero Click) with persistence
$1,500,000 - Apple iOS remote jailbreak (One Click) with persistence
$1,000,000 - WhatsApp, iMessage, or SMS/MMS remote code execution
$500,000 - Chrome RCE + LPE (Android) including a sandbox escape
$500,000 - Safari + LPE (iOS) including a sandbox escape
$200,000 - Local privilege escalation to either kernel or root for Android or iOS
$100,000 - Local pin/passcode or Touch ID bypass for Android or iOS
BleepingComputer has reached out to Google and Ben Hawkes for more details but did not receive an answer prior to publication.