Electronic news service of the Ministry of Communications and Information Technologies
Fonts turned out to be contagious: three zero-day vulnerabilities in Google Chrome were found in Apple iOS and macOS
Google researchers reported the discovery of zero-day vulnerabilities in Apple operating systems. The vulnerabilities found are of the same nature as previously discovered vulnerabilities in Windows and Chrome. An attacker can force the system to execute malicious code through modified fonts. Apple has released fixes in iOS 12.4.9, macOS Catalina 10.15.7, iPadOS 14.2, and watchOS 5.3.8, 6.2.9 and 7.1, and encourages users to update.
Traditionally, reports of zero-day vulnerabilities have not been accompanied by details, so that users can update and hackers are unable to quickly create new exploits. However, such vulnerabilities are already being exploited by hackers, which is why they are reported with a delay of no more than seven days. These few days were enough for Apple to patch the holes in its operating systems.
In particular, three vulnerabilities have been fixed: CVE-2020-27930, CVE-2020-27932, and CVE-2020-27950. Vulnerability CVE-2020-27930 affects iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, and iPod touch. It is hidden in the FontParser component and leads to the execution of arbitrary code by an attacker.
Vulnerability CVE-2020-27932 also allows arbitrary code to be executed with kernel privileges. It affects the same Apple smartphones and tablets as the previous vulnerability. Vulnerability CVE-2020-27950 allows a malicious application to expose the contents of kernel memory on the same Apple devices.
06/11/20