Zero-Day Vulnerabilities in iOS

Published on 06 Nov 2020

Updated on 06 Nov 2020

Apple has released security updates for iOS to patch three zero-day vulnerabilities. There have been reports of active exploitation of these vulnerabilities.

The vulnerabilities are:

•  CVE-2020-27930 — a remote code execution issue in the iOS FontParser component that lets attackers run code remotely on iOS devices.
•  CVE-2020-27932 — a privilege escalation vulnerability in the iOS kernel that lets attackers run malicious code with kernel-level privileges.
•  CVE-2020-27950 — an information leak in the iOS kernel that allows attackers to retrieve content from an iOS device's kernel memory.

These vulnerabilities have been fixed in iOS 14.2, iPadOS 14.2 and watchOS 5.3.8, 6.2.9, and 7.1. The fixes have also been backported to older-generation iPhones via iOS 12.4.9.

iOS users are advised to install the latest security updates immediately.

References:
https://support.apple.com/en-us/HT211929
https://www.zdnet.com/article/apple-fixes-three-ios-zero-days-exploited-in-the-wild/