Date:06/11/20
Google researchers reported on the discovery of zero-day vulnerabilities in Apple operating systems. The vulnerabilities found are of the same nature as previously discovered vulnerabilities in Windows and Chrome. An attacker can force the system to execute malicious code through modified fonts. Apple has patched iOS 12.4.9, macOS Catalina 10.15.7, iPadOS 14.2, and watchOS 5.3.8, 6.2.9, 7.1 and encourages users to update.
Traditionally, reports of zero-day vulnerabilities have not been accompanied by details so that users can update and hackers are unable to quickly create new exploits. However, such vulnerabilities are already being exploited by hackers, which is why they are reported with a delay of no more than seven days. These few days were enough for Apple to patch the holes in its operating systems.
In particular, three vulnerabilities have been fixed: CVE-2020-27930, CVE-2020-27932, and CVE-2020-27950. Vulnerability CVE-2020-27930 affects iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, and iPod touch. It is hidden in the FontParser component and leads to the execution of arbitrary code by an attacker.
Vulnerability CVE-2020-27932 also allows arbitrary code to be executed with kernel privileges. It affects the same Apple smartphones and tablets as the previous vulnerability. Vulnerability CVE-2020-27950 allows a malicious application to expose the contents of kernel memory on the same Apple devices.
Fonts turned out to be contagious: three zero-day vulnerabilities in Google Chrome were found in Apple iOS and macOS
Google researchers reported on the discovery of zero-day vulnerabilities in Apple operating systems. The vulnerabilities found are of the same nature as previously discovered vulnerabilities in Windows and Chrome. An attacker can force the system to execute malicious code through modified fonts. Apple has patched iOS 12.4.9, macOS Catalina 10.15.7, iPadOS 14.2, and watchOS 5.3.8, 6.2.9, 7.1 and encourages users to update.Traditionally, reports of zero-day vulnerabilities have not been accompanied by details so that users can update and hackers are unable to quickly create new exploits. However, such vulnerabilities are already being exploited by hackers, which is why they are reported with a delay of no more than seven days. These few days were enough for Apple to patch the holes in its operating systems.
In particular, three vulnerabilities have been fixed: CVE-2020-27930, CVE-2020-27932, and CVE-2020-27950. Vulnerability CVE-2020-27930 affects iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, and iPod touch. It is hidden in the FontParser component and leads to the execution of arbitrary code by an attacker.
Vulnerability CVE-2020-27932 also allows arbitrary code to be executed with kernel privileges. It affects the same Apple smartphones and tablets as the previous vulnerability. Vulnerability CVE-2020-27950 allows a malicious application to expose the contents of kernel memory on the same Apple devices.
Views: 265
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
