Systems Affected
iPhone 5S and later, iPod touch 6th & 7th gen, iPad Air, iPad mini 2 and later, Apple Watch Series 1 and later
Threat Level
Overview
Apple recently released security patches for 3 major vulnerabilities found in iOS. These vulnerabilities were reported to Apple by Google's Project Zero security team.
Description
According to the Apple security advisory below are 3 major security flaws, ✻ CVE-2020-27930: A memory corruption issue in the FontParser library that allows for remote code execution when processing a maliciously crafted font. ✻ CVE-2020-27932: A memory initialization issue that allows a malicious application to execute arbitrary code with kernel privileges. ✻ CVE-2020-27950: A type-confusion issue that makes it possible for a malicious application to disclose kernel memory.
Impact
✻ Exposing private information to unauthorized parties ✻ Unauthorized access ✻ Malware infections
Solution/ Workarounds
✻ Update to the latest iOS versions (Fixes are available for the iOS versions iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9, and 7.1, and as a supplemental update for macOS Catalina 10.15.7)
References
✻ https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html ✻ https://www.cert-in.org.in/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|