Apple patches 3 zero-day bugs in the latest iOS update

November 7, 2020
On Thursday, Apple issued security updates for 3 iOS vulnerabilities that were being actively exploited.
These vulnerabilities were found in the FontParser and Kernel components of iOS, allowing an attacker to remotely execute arbitrary code with kernel-level privileges.
These zero-days were found by Google’s Project Zero. According to the director of the Google Threat Analysis Team, the iOS zero-days are closely connected with the other zero-days found in Google Chrome and Windows this month, but the activity is not targeting the elections.
No other information about the attacker or target was shared.

The list of devices that are affected is as follows:

  • iPhone 5s and later
  • iPod 6th and 7th generation
  • iPad Air
  • iPad Mini 2 and later
  • Apple Watch Series 1 and later

Security patches are available in iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9 and 7.1, and for macOS Catalina 10.15.7.
According to Google Project Zero team leader Ben Hawkes, the three iOS vulnerabilities are as follows:
RISK: CRITICAL
CVE-2020-27930: This vulnerability was found in FontParser. The attacker tricks the user into clicking on a maliciously crafted document, which triggers memory corruption and executes arbitrary code on the system.
This vulnerability allows the attacker to attack the machine remotely.
RISK: MEDIUM
CVE-2020-27932: This vulnerability is exploited locally; the attacker needs to have credentials for authentication.
This is a classic privilege escalation exploit. A specially crafted program can help the attacker execute arbitrary code with escalated privileges.
RISK: LOW
CVE-2020-27950: This vulnerability is exploited locally. It is used to obtain potentially sensitive information.
This exploit occurs due to a “type confusion” in macOS, allowing the attacker to gain kernel-level sensitive information.
It’s unclear whether these vulnerabilities were used against a single target or en masse. Apple users are recommended to update their devices to be safe.
