Apple Patched Three iOS Zero-Day Bugs Following Google’s Discovery

Recently, Google researchers revealed a zero-day vulnerability affecting Microsoft Windows. It seems they also analyzed other systems as they reported three zero-day vulnerabilities affecting iOS as well. Apple has released fixes for the vulnerabilities.

Three iOS Zero-Day Bugs

Security researchers from Google Project Zero discovered three iOS zero-day bugs that they reported to Apple.

The news surfaced online after Ben Hawkes from Project Zero mentioned the bugs in his tweet.

As disclosed, the three under attack bugs affecting iOS devices include CVE-2020-27930: a code execution vulnerability affecting the FontParser due to memory corruption, CVE-2020-27950: a memory initialization issue, and CVE-2020-27932: a type confusion flaw leading to arbitrary code execution. The latter two bugs specifically existed in the Kernel.

Previously, Google also disclosed a yet unpatched zero-day vulnerability affecting the Windows Kernel (CVE-2020-17087). While Microsoft is yet to patch the vulnerability, Google has addressed a Chrome zero-day (CVE-2020-15999) that could trigger a chain reaction with Windows zero-day.

Maintaining their standard policy, Google hasn’t revealed any details about the three iOS bugs to allow most users to patch their devices.

The only thing they confirmed is the targeted exploitation of the flaws.

Apple Fixed The Vulnerabilities

Apple has released fixes for the bugs with the release of iOS 14.2 and iPadOS 14.2. The corresponding devices that can receive this update include iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later. The tech giant has also confirmed in the security bulletin that it is aware of active exploitation of the three flaws.

However, it seems that the bugs not only affect the latest iOS 14, but also the previous versions. Besides iOS 14.2, Apple has also fixed the same bugs with the release of iOS 12.4.9 simultaneously. The latter is available for iPhone 5s, iPhone 6 and 6 Plus, iPad Air, iPad mini 2 and 3, iPod touch (6th generation).

Related posts

Opera Browser Vulnerability Could Allow Exploits Via Browser Extensions

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin