Errors detected on devices iPhone, iPad and iPod, have been fixed by Apple through new system updates iOS and iPodOS. The most serious of the errors could be exploited by an attacker to execute arbitrary code.
The errors were released on Wednesday as part of the release of updates for iOS 14 and iPadOS 14. The errors encountered are a total of 11 and are found in products and components, including AppleAVD, Apple Keyboard, WebKit and Siri.
Security bugs have not been evaluated by Apple, but appear to range from moderate to more severe. The error in Crab for example, it allows a person with physical access to an iPhone to view notification content from the lock screen. Another bug called Universal Scene Description (USD), could allow one intruder to execute arbitrary code on a specific model of iOS device.
According to her researchers IBM, one of the most significant bugs Apple has fixed is a privilege scaling vulnerability that affects Apple iOS and iPadOS. Known as CVE-2020-9992, the vulnerability could be exploited if a target is tricked into opening a specially crafted file.
Apple detected the error in an IDE component, which is essentially the interfaces used to transmit data from a device motherboard (or circuit board) to the device storage component.
Investigators Dany Lisiansky and Nikias Bassen are the ones who first discovered the error. In its security bulletin, Apple also thanked him Brandon Azad of Google Project Zero for his help. Both Apple and the investigators declined to comment further on the bug.
The error was assessed as highly serious. The researchers suggested that the defect was linked to a set of Apple developer tools called Xcode. Apple describes Xcode as "a complete set of developer tools for creating applications for Mac, iPhone, iPad, Apple Watch and Apple TV."