Η company released the corrections and gave some information about the three zero-day vulnerabilities, saying that she learned about them through some reports that reached her hands.
According to Apple, the devices that are affected by iOS vulnerabilities are iPhone 6s and later, This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. 7th generation iPod touch, The iPad Air 2 and later and iPad mini 4 and later.
Zero-day bugs were fixed by Apple with its release iOS 14.2, the latest stable version of its mobile operating system.
Kernel and FontParser errors
Apple said one of the three vulnerabilities allows the remote code execution (RCE). This vulnerability has been named CVE-2020-27930 and is triggered by a memory issue related to the FontParser library.
The second iOS vulnerability (CVE-2020-27950) it is one "kernel memory leak”And is caused by a memory problem, which allows malicious applications to Access the Kernel Memory |
Finally, the third vulnerability (CVE-2020-27932) allows the attacker to gain more privileges on the victim device (allows malicious applications execute code with kernel privileges).
"It simply came to our notice then targeted exploitation of vulnerabilities, similar to the other zero-day vulnerabilities we recently discoveredSaid Google's Shane Huntley. "They are not related to the elections".
Project Zero team has discovered five zero-day vulnerabilities in a few days
The last two weeks, the team security Google has discovered four other zero-day vulnerabilities, in addition to that of Apple.
A third error (CVE-2020-16010) caused by "heap buffer overflow"At Android UI. Google has fixed this vulnerability with its release Chrome version for Android, 86.0.4240.185.
Finally, Google researchers have discovered one zero-day vulnerability in Windows kernel affecting all versions between Windows 7 and Windows 10 (including these two versions). This vulnerability is expected to be fixed by Microsoft on November 10, with the release of Patch Tuesday November.
Source: Bleeping Computer