RCE Bug in iPhones and iPads
While Apple devices are touted as more secure than anything else, they suffer from the same kinds of bugs as other platforms, though such bugs are found less often. Today, the company released two new updates, iOS 14.2 and iPadOS 14.2, for its iPhone, iPad, and iPod, to patch three zero-day bugs reported by Google’s Project Zero team.
— Ben Hawkes (@benhawkes) November 5, 2020

These bugs affect iPhone 6 and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation. The three zero-day bugs are as follows:

CVE-2020-27930 – A remote code execution (RCE) bug caused by a memory corruption issue when the device’s FontParser library processes a maliciously crafted font sent by the attacker.

CVE-2020-27950 – A kernel memory leak. This vulnerability results from a memory initialization issue that ultimately lets any malicious app access the kernel memory of the device.

CVE-2020-27932 – This is more of a confusion issue, where a malicious application can execute arbitrary code with kernel privileges on the device, giving the attacker escalated privileges.

The Project Zero team has also discovered a few bugs in Google’s Chrome browser and some in Microsoft’s Windows OS, which were reported last week. While the bug in Chrome was soon fixed with a patch update, the bug in Windows affects versions 7 to 10, allowing attackers to gain escalated privileges by exploiting the kernel.