Η Apple corrected yesterday three zero-day vulnerabilities on iOS, already used by cyber criminals and influencing Appliances iPhone, iPad and iPod.
Η company released the corrections and gave some information about the three zero-day vulnerabilities, saying that she learned about them through some reports that reached her hands.
According to Apple, the devices that are affected by iOS vulnerabilities are iPhone 6s and later, This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. 7th generation iPod touch, The iPad Air 2 and later and iPad mini 4 and later.
Zero-day bugs were fixed by Apple with its release iOS 14.2, the latest stable version of its mobile operating system.
Kernel and FontParser errors
Apple said one of the three vulnerabilities allows the remote code execution (RCE). This vulnerability has been named CVE-2020-27930 and is triggered by a memory issue related to the FontParser library.
The second iOS vulnerability (CVE-2020-27950) it is one "kernel memory leak”And is caused by a memory problem, which allows malicious applications to Access the Kernel Memory |
Finally, the third vulnerability (CVE-2020-27932) allows the attacker to gain more privileges on the victim device (allows malicious applications execute code with kernel privileges).
The one who discovered and informed Apple about the three iOS zero-day vulnerabilities was Project Zero, its security team Google.
"It simply came to our notice then targeted exploitation of vulnerabilities, similar to the other zero-day vulnerabilities we recently discoveredSaid Google's Shane Huntley. "They are not related to the elections".
Project Zero team has discovered five zero-day vulnerabilities in a few days
The last two weeks, the team security Google has discovered four other zero-day vulnerabilities, in addition to that of Apple.
Initially, Google fixed two such bugs that were already being used by cybercriminals. It was two vulnerabilities in Chrome (CVE-2020-15999 in the FreeType text-rendering library and CVE-2020-16009 in WebAssembly and JavaScript engine).
A third error (CVE-2020-16010) caused by "heap buffer overflow"At Android UI. Google has fixed this vulnerability with its release Chrome version for Android, 86.0.4240.185.
Finally, Google researchers have discovered one zero-day vulnerability in Windows kernel affecting all versions between Windows 7 and Windows 10 (including these two versions). This vulnerability is expected to be fixed by Microsoft on November 10, with the release of Patch Tuesday November.
Source: Bleeping Computer
Greek
Chinese (Simplified)
English
Greek
Russian