Apple’s Update for Zero-Day. If you use an Apple device running iOS, you’ll want to update it to the latest version (14.2) immediately.
In the latest update, Apple has a patch for a trio of ‘Zero-Day Vulnerabilities’ hackers use to exploit systems without these patches.
The three issues addressed are as follows:
CVE-2020-27930 – This issue is a remote code execution flaw in the iOS FontParser that allows attackers to execute commands arbitrarily, passing them through this gateway.
CVE-2020-27932 – This is a privilege escalation issue in the kernel of iOS that allows an attacker to run malicious code with kernel-level privileges.
CVE-2020-27950 – This one is a memory leak in the iOS kernel that allows an attacker to retrieve content from any iOS device’s kernel memory.
The three flaws found in attacking the vulnerable systems, are allowing an attacker to take complete control of any vulnerable device.
The fixes for the issues described above are also available for iPadOS, with the release of version 14.2, watchOS 5.3.8, 6.2.9, and 7.1. So, if you have an older generation iPhone, you can also have protection by downloading iOS version 12.4.9.
These issues appear to be related to a trio of recently discovered and patched flaws in ChromeOS and a single Zero-Day issue found in Windows 10. According to Shane Huntley, the Director of Google’s Threat Analysis Group, none of the recently discovered issues had anything to do with any election targeting. Although, Google declines to provide specific details about how these attacks work or their targets.
Zero-Day Vulnerabilities are as serious, so even if you’re not generally in a big rush updating your system, you need to make an exception in this case.
Kudos to Google for launching the Zero-Day project and to Apple for their fast action in addressing these recently discovered issues and patching them in a bid to help keep their users safe.