
Three Major Vulnerabilities in iOS

 

Systems Affected


iPhone 5S and later, iPod touch 6th & 7th gen, iPad Air, iPad mini 2 and later, Apple Watch Series 1 and later

Threat Level


Medium


Overview


Apple recently released security patches for 3 major vulnerabilities found in iOS. These vulnerabilities were reported to Apple by Google's Project Zero security team.


Description


According to the Apple security advisory, the 3 major security flaws are:
  ✻  CVE-2020-27930: A memory corruption issue in the FontParser library that allows for remote code execution when processing a maliciously crafted font.
  ✻  CVE-2020-27932: A memory initialization issue that allows a malicious application to execute arbitrary code with kernel privileges.
  ✻  CVE-2020-27950: A type-confusion issue that makes it possible for a malicious application to disclose kernel memory.


Impact


  ✻  Exposing private information to unauthorized parties
  ✻  Unauthorized access
  ✻  Malware infections


Solution/Workarounds


  ✻  Update to the latest iOS versions. Fixes are available in iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9, and 7.1, and as a supplemental update for macOS Catalina 10.15.7.
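
To check a device inventory against the fixed releases listed above, the following added example (not part of the original advisory) classifies each device by OS branch. The CSV layout, device names and status labels are assumptions made for illustration.

```python
import csv
import io

# Fixed releases from the Solution section, keyed by (OS, major branch).
# macOS is left out: the advisory names a supplemental update to 10.15.7,
# not a new version number, so a version string cannot confirm it.
FIXED = {
    ("ios", 12): "12.4.9", ("ios", 14): "14.2",
    ("ipados", 14): "14.2",
    ("watchos", 5): "5.3.9", ("watchos", 6): "6.2.9", ("watchos", 7): "7.1",
}

def parse_version(text):
    """'14.2' -> (14, 2, 0); padding makes 14.2 and 14.2.0 compare equal."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(os_name, version):
    """Classify one device as patched / update-required / no-fix-listed."""
    os_key, ver = os_name.strip().lower(), parse_version(version)
    fixed = FIXED.get((os_key, ver[0]))
    if fixed is not None:
        return "patched" if ver >= parse_version(fixed) else "update-required"
    listed = [major for (name, major) in FIXED if name == os_key]
    # Assumption: a major release newer than every listed branch already
    # contains the fixes, since it shipped after them.
    if listed and ver[0] > max(listed):
        return "patched"
    # Branch (or OS) with no fix named in the advisory: review manually.
    return "no-fix-listed"

def triage_inventory(csv_text):
    """Map device name -> status for a CSV with device,os,version columns."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: triage(r["os"], r["version"]) for r in rows}

# Constructed sample inventory (not real devices).
SAMPLE = """device,os,version
phone-01,iOS,12.4.8
phone-02,iOS,14.2
phone-03,iOS,13.7
tablet-01,iPadOS,14.1
watch-01,watchOS,6.2.9
watch-02,watchOS,7.0.3
"""

if __name__ == "__main__":
    for device, status in triage_inventory(SAMPLE).items():
        print(f"{device}: {status}")
```

Devices reported as no-fix-listed run a branch for which the advisory names no fixed release and should be moved to one of the listed versions.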


References


  ✻  https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html
  ✻  https://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.