Categories
Cyber Security

Time to update to ios 14.2

Apple released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild.

Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with kernel-level privileges.

The zero-days were discovered and reported to Apple by Google’s Project Zero security team.

“Apple is aware of reports that an exploit for this issue exists in the wild,” the iPhone maker said of the three zero-days without giving any additional details so as to allow a vast majority of users to install the updates.

The list of impacted devices includes iPhone 5s and later, iPod touch 6th and 7th generation, iPad Air, iPad mini 2 and later, and Apple Watch Series 1 and later.

According to Apple’s security bulletin, the flaws are:

  • CVE-2020-27930: A memory corruption issue in the FontParser library that allows for remote code execution when processing a maliciously crafted font.
  • CVE-2020-27932: A memory initialization issue that allows a malicious application to execute arbitrary code with kernel privileges.
  • CVE-2020-27950: A type-confusion issue that makes it possible for a malicious application to disclose kernel memory.