Acting on reports from Google’s Project Zero team, Apple has today released new software updates for its iPads, iPhones and iPods. The updates patch three critical zero-day bugs that could let an attacker execute code remotely, escalate admin privileges and steal kernel data. Users are advised to install the latest updates.
Apple Patches Three Zero-day Bugs
While everyone claims that Apple devices are the most secure ones in the community, they have critical bugs too. After all, they’re made up of almost the same hardware and software and have similar functions to others. It’s just that their bugs are seen less often and the devices are hard to crack.
But Apple should be appreciated for reacting quickly when a bug is reported. An OEM that responds with a patch to secure its devices, instead of leaving them to be exploited in the wild, gains credibility. One such incident is unfolding now: Apple has responded to reports from Google’s Project Zero team, which discovered three critical zero-day vulnerabilities in Apple devices. These are:
RCE Bug – Tracked as CVE-2020-27930, this vulnerability allows an attacker to send a maliciously crafted font to the user. The FontParser library processes the font improperly, triggering a memory corruption issue that allows the attacker to execute arbitrary code remotely.
Kernel Memory Leak – Tracked as CVE-2020-27950, this bug lets an attacker access kernel memory through a memory initialization issue.
Privilege Escalation Bug – Tracked as CVE-2020-27932, this vulnerability is a confusion issue that lets malicious apps execute arbitrary code with kernel privileges.
Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild. CVE-2020-27930 (RCE), CVE-2020-27950 (memory leak), and CVE-2020-27932 (kernel privilege escalation). The security bulletin is available here: https://t.co/4OIReajIp6
— Ben Hawkes (@benhawkes) November 5, 2020
Apple said in its security advisory, “Apple is aware of reports that an exploit for this issue exists in the wild.” Further, Shane Huntley, the head of Google’s Threat Intelligence Group, said these bugs are “Not related to any election targeting,” but rather “Targeted exploitation in the wild similar to the other recently reported 0days.”
Apple has released iOS 14.2, iPadOS 14.2 and a new iPodOS update to patch the bugs that affect iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later.