Apple Security Update - 3 New Vulnerabilities Found!

Is your iOS device up to date?

Recently, Apple has observed 3 serious vulnerabilities in their system and released several updates.

The flaws were found in the FontParser and kernel which were rolled out in various devices (Pad, macOS, iOS and watchOS). The vulnerability benefits the adversaries with arbitrary codes and executes the malware at the kernel-level.

As a responsible member of the industry, Google's Project Zero team discovered the zero-days flaws and informed Apple accordingly.

Apple has further came up with an easy response on the vulnerability:

"Apple is aware of reports that an exploit for this issue exists in the wild,"

Impacted devices:

• iPhone 5s or later
• iPad Air
• iPad mini 3 and above
• iPod touch 6th and 7th generation
• Apple watch series 1 and later

Vulnerabilities codes:

As per Apple's report, the 3 security vulnerabilities are:

1. CVE-2020-27930: FontParser library issues.
2. CVE-2020-27932: Arbitrary code issues.
3. CVE-2020-27950: A type-confusion issue.

Shane Huntley, Director of Google's Threat Analysis Group (TAG) said,
"Targeted exploitation in the wild similar to the other recently reported 0days,"
"Not related to any election targeting."

Available fixes:

• iOS 12.4.9 and 14.2
• iPadOS 14.2
• watchOS 5.3.9, 6.2.9, and 7.1
• macOS Catalina 10.15.7 (supplemental update)

Stay updated with the Cyber trends:

Follow ISOEH (Indian School of Ethical Hacking) for updated cyber security news.

We are helping individuals and corporations to fight against the cyber criminals and build a healthy work environment.

Stay connected!