Thursday, January 21, 17:49
Home security Error allows remote code to run on Apple devices

Error allows remote code to run on Apple devices

Errors detected on devices iPhone, iPad and iPod, have been fixed by Apple through new system updates iOS and iPodOS. The most serious of the errors could be exploited by an attacker to execute arbitrary code.

Apple

The errors were released on Wednesday as part of the release of updates for iOS 14 and iPadOS 14. The errors encountered are a total of 11 and are found in products and components, including AppleAVD, Apple Keyboard, WebKit and Siri.

Security bugs have not been evaluated by Apple, but appear to range from moderate to more severe. The error in Crab for example, it allows a person with physical access to an iPhone to view notification content from the lock screen. Another bug called Universal Scene Description (USD), could allow one intruder to execute arbitrary code on a specific model of iOS device.

According to her researchers IBM, one of the most significant bugs Apple has fixed is a privilege scaling vulnerability that affects Apple iOS and iPadOS. Known as CVE-2020-9992, the vulnerability could be exploited if a target is tricked into opening a specially crafted file.

Apple detected the error in an IDE component, which is essentially the interfaces used to transmit data from a device motherboard (or circuit board) to the device storage component.

Investigators Dany Lisiansky and Nikias Bassen are the ones who first discovered the error. In its security bulletin, Apple also thanked him Brandon Azad of Google Project Zero for his help. Both Apple and the investigators declined to comment further on the bug.

The error was assessed as highly serious. The researchers suggested that the defect was linked to a set of Apple developer tools called Xcode. Apple describes Xcode as "a complete set of developer tools for creating applications for Mac, iPhone, iPad, Apple Watch and Apple TV."

Its version Xcode 12.0 Apple on Wednesday mitigates the vulnerability, according to the company.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

00:02:35

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...

Microsoft: "Zero trust" protects against sophisticated hacking attacks

According to Microsoft, the techniques used by the hackers of SolarWinds, were sophisticated but common and preventable. To avoid future attacks ...