Apple fixes three iOS zero-days exploited in the wild
https://www.zdnet.com/article/apple-fixe...-the-wild/

Apple has patched the three zero-days with today's release of iOS 14.2.

By Catalin Cimpanu for Zero Day | November 5, 2020 -- 19:42 GMT (11:42 PST) | Topic: Security

Apple has released security updates today for iOS to patch three zero-day vulnerabilities that were discovered being abused in attacks against its users.

According to Shane Huntley, Director of Google's Threat Analysis Group, the three iOS zero-days are related to the recent spate of three Chrome zero-days [1, 2, 3] and a Windows zero-day that Google had previously disclosed over the past two weeks.

Just like in the four previous cases, Google has not shared details about the attacker(s) or their target(s).

While it's unknown if the zero-days have been used against selected targets or en masse, iOS users are advised to update to iOS 14.2, just to be on the safe side.

The same security bugs have also been fixed in iPadOS 14.2 and watchOS 5.3.8, 6.2.9, and 7.1, and have also been backported for older generation iPhones via iOS 12.4.9, also released today.

According to Google Project Zero team lead Ben Hawkes, whose team discovered and reported the attacks to Apple, the three iOS zero-days are:

CVE-2020-27930 — a remote code execution issue in the iOS FontParser component that lets attackers run code remotely on iOS devices.
CVE-2020-27932 — a privilege escalation vulnerability in the iOS kernel that lets attackers run malicious code with kernel-level privileges.
CVE-2020-27950 — a memory leak in the iOS kernel that allows attackers to retrieve content from an iOS device's kernel memory.

All three bugs are believed to have been used together, part of an exploit chain, allowing attackers to compromise iPhone devices remotely.