Monday, February 22, 02:34
Home security Apple fixes three zero-day vulnerabilities in iOS

Apple fixes three zero-day vulnerabilities in iOS

Η Apple corrected yesterday three zero-day vulnerabilities on iOS, already used by cyber criminals and influencing Appliances iPhone, iPad and iPod.


Η company released the corrections and gave some information about the three zero-day vulnerabilities, saying that she learned about them through some reports that reached her hands.

According to Apple, the devices that are affected by iOS vulnerabilities are iPhone 6s and later, This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. 7th generation iPod touch, The iPad Air 2 and later and iPad mini 4 and later.

Zero-day bugs were fixed by Apple with its release iOS 14.2, the latest stable version of its mobile operating system.

Kernel and FontParser errors

Apple said one of the three vulnerabilities allows the remote code execution (RCE). This vulnerability has been named CVE-2020-27930 and is triggered by a memory issue related to the FontParser library.

The second iOS vulnerability (CVE-2020-27950) it is one "kernel memory leak”And is caused by a memory problem, which allows malicious applications to Access the Kernel Memory |

Finally, the third vulnerability (CVE-2020-27932) allows the attacker to gain more privileges on the victim device (allows malicious applications execute code with kernel privileges).

The one who discovered and informed Apple about the three iOS zero-day vulnerabilities was Project Zero, its security team Google.

"It simply came to our notice then targeted exploitation of vulnerabilities, similar to the other zero-day vulnerabilities we recently discoveredSaid Google's Shane Huntley. "They are not related to the elections".

iOS zero-day

Project Zero team has discovered five zero-day vulnerabilities in a few days

The last two weeks, the team security Google has discovered four other zero-day vulnerabilities, in addition to that of Apple.

Initially, Google fixed two such bugs that were already being used by cybercriminals. It was two vulnerabilities in Chrome (CVE-2020-15999 in the FreeType text-rendering library and CVE-2020-16009 in WebAssembly and JavaScript engine).

A third error (CVE-2020-16010) caused by "heap buffer overflow"At Android UI. Google has fixed this vulnerability with its release Chrome version for Android, 86.0.4240.185.

Finally, Google researchers have discovered one zero-day vulnerability in Windows kernel affecting all versions between Windows 7 and Windows 10 (including these two versions). This vulnerability is expected to be fixed by Microsoft on November 10, with the release of Patch Tuesday November.

Source: Bleeping Computer


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...