Three Major Vulnerabilities in iOS

  • CERT Admin
  • Mon Nov 09 2020
  • Alerts

Systems Affected 

iPhone 5S and later, iPod touch 6th & 7th gen, iPad Air, iPad mini 2 and later, Apple Watch Series 1 and later 

Threat Level 

Medium 

Overview 

Apple recently released security patches for 3 major vulnerabilities found in iOS. These vulnerabilities were reported to Apple by Google's Project Zero security team.

Description 

According to the Apple security advisory below are 3 major security flaws,

  ✻  CVE-2020-27930: A memory corruption issue in the FontParser library that allows for remote code execution when processing a maliciously crafted font.
  ✻  CVE-2020-27932: A memory initialization issue that allows a malicious application to execute arbitrary code with kernel privileges.
  ✻  CVE-2020-27950: A type-confusion issue that makes it possible for a malicious application to disclose kernel memory.

Impact 

   ✻  Exposing private information to unauthorized parties
  ✻  Unauthorized access
  ✻  Malware infections 

Solution/ Workarounds 

  ✻  Update to the latest iOS versions (Fixes are available for the iOS versions iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9, and 7.1, and as a supplemental update for macOS Catalina 10.15.7)

References 

   ✻  https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html
  ✻  https://www.cert-in.org.in/ 

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind. 

Last updated: Mon Nov 09 2020