Recent iOS Update Addresses A Number of Security Vulnerabilities
If you use an Apple device running iOS, then you’ll want to update to the latest version (14.2) immediately.
In the latest update, Apple has patched a trio of ‘Zero-Day Vulnerabilities’ known to have been used by hackers to exploit unpatched systems.
The three issues addressed are as follows:
CVE-2020-27930 – This issue is a remote code execution flaw in the iOS FontParser that allows attackers to execute commands arbitrarily, passing them through this gateway.
CVE-2020-27932 – This is a privilege escalation issue in the kernel of iOS that allows an attacker to run malicious code with kernel-level privileges.
CVE-2020-27950 – This one is a memory leak in the iOS kernel that allows an attacker to retrieve content from any iOS device’s kernel memory.
The three flaws have been chained together in attacks against vulnerable system, and collectively, they allow an attacker to take complete control of any vulnerable device.
The fixes for the issues described above are also available for iPadOS, with the release of version 14.2, and watchOS 5.3.8, 6.2.9, and 7.1. If you have an older generation iPhone, you can also make sure you’re protected by downloading iOS version 12.4.9.
These issues appear to be related to a trio of recently discovered and patched flaws in ChromeOS and a single Zero-Day issue found in Windows 10. According to Shane Huntley, the Director of Google’s Threat Analysis Group, none of the recently discovered issues had anything to do with any sort of election targeting. Although as is the case with issues like these, Google declined to provide specific details about how these attacks work or exactly who was targeted.
Zero-Day Vulnerabilities are about as serious as they come, so even if you’re not normally in a big rush to update your system, you should make an exception in this case. Kudos to Google for launching the Zero Day project, and to Apple for their fast action in addressing these recently discovered issues and patching them in a bid to help keep their users safe. That’s how it’s done.