Apple patches iOS against 3 actively exploited 0-days found by Google

by Dan Goodin, from Ars Technica

Apple has patched iOS against three zero-day vulnerabilities that attackers were actively exploiting in the wild. The attacks were discovered by Google's Project Zero vulnerability research group, which over the past few weeks has detected four other zero-day exploits: three against Chrome and one against Windows.

The security flaws affect iPhone 6s and later, seventh-generation iPod touches, iPad Air 2s and later, and iPad mini 4s and later. The flaws are:

  • CVE-2020-27930, a code-execution vulnerability that attackers can trigger using maliciously crafted fonts
  • CVE-2020-27950, which allows a malicious app to obtain the locations in kernel memory, and
  • CVE-2020-27932, a bug that allows code to run with highly privileged system rights.

Apple has fixed the zero-days and other vulnerabilities with the release of iOS 14.2 earlier. Apple patched the same vulnerabilities in the Supplementary Update for macOS Catalina 10.15.7. Project Zero leader Ben Hawkes provided his own bare-bones disclosure here.
