Apple today released security updates for iOS (iOS 14.2) to fix three vulnerabilities (0days) detected in attacks on its users.
According to Shane Huntley, Director of Google Threat Analysis Team, the three iOS 0days are related to the recent Chrome vulnerabilities and the one Windows 0day that Google had announced in the last two weeks.
Targeted exploitation in the wild similar to the other recently reported 0 days. Not related to any election targeting.
- Shane Huntley (@ShaneHuntley) November 5, 2020
Google did not provide details on who the attackers were or what their targets were.
According to Google Project Zero team leader Ben Hawkes, whose team discovered the attacks and reported them to Apple, the three iOS 0days are:
- CVE-2020-27930 - a remote code execution issue in the iOS FontParser component that allows attackers to run code remotely on iOS devices.
- CVE-2020-27932 - a privilege escalation vulnerability in the iOS kernel that allows attackers to run malicious code with kernel-level privileges.
- CVE-2020-27950 - a memory leak in the iOS kernel that allows attackers to retrieve content from the kernel memory of an iOS device.
All three bugs are believed to have been used together, allowing intruders to breach iPhones remotely.