Home » » iOS update fixes three major security flaws that have already been exploited

iOS update fixes three major security flaws that have already been exploited

No comments

Apple has released a new security update for iOS to address three zero-day vulnerabilities that are actively being exploited by cybercriminals in the wild.

According to the director of Google's Threat Analysis Group, Shane Huntley the three iOS zero-days are related to another trio of zero-days in its Chrome browser as well as to a Windows zero-day which was recently disclosed by the company's Project Zero security team.

In a tweet, Huntely confirmed that three iOS zero days were being used for targeted exploitation in the wild though they are not being used to target the 2020 election in the US. While the zero-days are currently being used in attacks, Google did not share any details regarding who is responsible or who was targeted.

iOS zero-days

iOS users should update their devices to iOS 14.2 to prevent falling victim to any potential attacks exploiting the three zero-days. The vulnerabilities have also been fixed in iPadOS 14.2 and watchOS 5.38, 6.2.9, and 7.1, though the fixes have also been backported to older iPhones via iOS 12.4.9.

The attacks leveraging the zero-days in iOS were discovered by Google's Project Zero security team which reported its findings to Apple.

According to Project Zero team lead Ben Hawkes the first zero day is a remote code execution flaw, tracked as CVE-2020-27930, in the iOS FontParser component that allows an attacker to run code remotely on iOS devices. The second zero-day is a privilege escalation vulnerability, tracked as CVE-2020-27932, in the iOS kernel that allows an attacker to run malicious code with kernel-level privileges. Finally the third zero-day is a memory leak in the iOS kernel, tracked as CVE-2020-27950, that allows an attacker to retrieve content from an iOS device's kernel memory.

The reason why iOS users are being urged to update their devices as soon as possible is because all three zero-days are used together as part of an exploit chain that allows an attacker to compromise iPhones remotely.

Via ZDNet



from TechRadar - All the latest technology news https://ift.tt/2I3u3qQ
Share:

Related Posts:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us