 |
| Apple fixed 3 vulnerabilities that were actively exploited |
Apple has fixed three vulnerabilities that were actively exploited in iOS, iPadOS, macOS, and watchOS that affect the iPhone, iPad, and iPod devices.
These flaws are found in the FontParser component and in the kernel, allowing attackers to remotely execute arbitrary code and execute malware with kernel-level privileges.
The company described these three shortcomings in a security report: Apple received reports of exploiting this issue and no further details were provided to allow most users to install the update. .
The list of affected devices includes iPhone 5s and later, iPod touch 6th and 7th generation, iPad Air 2 and later, iPad mini 2 and later, and Apple Watch Series 1 and later.
The vulnerability affects Apple devices and other systems, including:
- Macs running macOS Catalina before macOS Catalina 10.15.7.
- An iPad running an iPadOS version earlier than iOS 14.2.
- Apple smartwatches with watchOS 7.1, watchOS 6.2.9, and watchOS versions earlier than watchOS 5.3.9.
- Apple TV with tvOS version earlier than tvOS 14.2.
One of the vulnerabilities is a remote code execution bug called CVE-2020-27930. When maliciously crafted fonts are handled by the FontParser library, this error is caused by a memory corruption issue.
The second vulnerability in iOS relates to a memory leak in the kernel. The vulnerability is being tracked (CVE-2020-27950) caused by a memory initialization issue that could allow malicious applications to access kernel memory.
The third actively exploited vulnerability (CVE-2020-27932) is a kernel privilege escalation error caused by gender bias, which allows malicious applications to execute arbitrary code with kernel privileges.
Project Google's flawless research team discovered these vulnerabilities and reported them to the Apple security team.
Shane Huntley, head of Google's threat assessment team, said: The targeted exploitation of the vulnerability is similar to what was reported recently and has nothing to do with election goals.