HomeCyber SecurityApple fixes three iOS zero-days exploited in the wild

Apple fixes three iOS zero-days exploited in the wild

Apple has released security updates today for iOS to patch three zero-day vulnerabilities that were discovered being abused in attacks against its users.

According to Shane Huntley, Director of Google’s Threat Analysis Group, the three iOS zero-days are related to the recent spat of three Chrome zero-days[123] and a Windows zero-day that Google had previously disclosed over the past two weeks.

Just like in the four previous cases, Google has not shared details about the attacker(s) or their target(s).

Targeted exploitation in the wild similar to the other recently reported 0days. Not related to any election targeting.

— Shane Huntley (@ShaneHuntley) November 5, 2020

While it’s unknown if the zero-days have been used against selected targets or en-masse, iOS users are advised to update to iOS 14.2, just to be on the safe side.

The same security bugs have also been fixed in iPadOS 14.2 and watchOS 5.3.86.2.9, and 7.1, and have also been backported for older generation iPhones via iOS 12.4.9, also released today.

According to Google Project Zero team lead Ben Hawkes, whose team discovered and reported the attacks to Apple, the three iOS zero-days are:

  1. CVE-2020-27930 — a remote code execution issue in the iOS FontParser component that lets attackers run code remotely on iOS devices.
  2. CVE-2020-27932 — a privilege escalation vulnerability in the iOS kernel that lets attackers run malicious code with kernel-level privileges.
  3. CVE-2020-27950 — a memory leak in the iOS kernel that allows attackers to retrieve content from an iOS device’s kernel memory.

All three bugs are believed to have been used together, part of an exploit chain, allowing attackers to compromise iPhone devices remotely.

By ZDNet Source Link

Technology For You
Technology For Youhttps://www.technologyforyou.org
Technology For You - One of the Leading Online TECHNOLOGY NEWS Media providing the Latest & Real-time news on Technology, Cyber Security, Smartphones/Gadgets, Apps, Startups, Careers, Tech Skills, Web Updates, Tech Industry News, Product Reviews and TechKnowledge...etc. Technology For You has always brought technology to the doorstep of the Industry through its exclusive content, updates, and expertise from industry leaders through its Online Tech News Website. Technology For You Provides Advertisers with a strong Digital Platform to reach lakhs of people in India as well as abroad.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

spot_img

CYBER SECURITY NEWS

TECH NEWS

TOP NEWS