Apple patches 3 zero-day bugs in the latest iOS update

November 7, 2020
On Thursday, Apple issued security updates for three iOS vulnerabilities that were being actively exploited.
These vulnerabilities were found in the FontParser and kernel components of iOS. They allow an attacker to remotely execute arbitrary code with kernel-level privileges.
These zero-days were found by Google’s Project Zero. According to the director of the Google Threat Analysis Team, the iOS zero-days are closely connected with the other zero-days found in Google Chrome and Windows this month, but the attacks are not targeting the elections.
No other information about the attacker or the targets was shared.

The affected devices are as follows:

  • iPhone 5s and later
  • iPod 6th and 7th generation
  • iPad Air
  • iPad Mini 2 and later
  • Apple Watch Series 1 and later

Security patches are available in iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9 and 7.1, and macOS Catalina 10.15.7.
According to Google Project Zero team leader Ben Hawkes, the three iOS vulnerabilities are as follows:

CVE-2020-27930: This vulnerability was found in FontParser. The attacker tricks the user into clicking on a maliciously crafted document, which triggers memory corruption and executes arbitrary code on the system.
This vulnerability allows the attacker to attack the machine remotely.

CVE-2020-27932: This vulnerability is exploited locally; the attacker needs credentials for authentication.
This is a classic privilege escalation exploit. A specially crafted program lets the attacker execute arbitrary code with escalated privileges.

CVE-2020-27950: This vulnerability is exploited locally and is used to obtain potentially sensitive information.
The exploit relies on a “type confusion” in macOS, allowing the attacker to gain kernel-level sensitive information.

It’s unclear whether these vulnerabilities were used against a single target or en masse. Apple users are advised to update their devices to stay safe.
