Apple patches exploited zero-days in iOS and iPadOS

By on
Apple patches exploited zero-days in iOS and iPadOS

Targeted exploitation, but not election related.

Users are advised to apply Apple's recent iOS and iPadOS 14.2 security update as soon as possible, as it fixes three chained vulnerabilties that the company said are being exploited in the wild.

The three vulnerabilities were discovered by Google's Project Zero researchers who reported them to Apple and are also handled in Apple's iOS 12.4.9 update.

One memory corruption bug allows attackers to use a maliciously crafted font to cause run arbitrary code on users' devices.

An exploited memory initialisation issue that allows malicious applications to read operating system kernel memory was also found by Project Zero.

The security researchers also found a type confusion problem in iOS and iPadOS that allows malicious applications to run arbitrary code with kernel privileges.

Google's Threat Analysis Group director Shane Huntley said the zero-day vulnerabilities were deployed against specific targets.

A Google bug hunting tool, the Open Source Software Fuzz (OSS-Fuzz) found remote code execution vulnerabilities in the libxml2 library, which are patched in iOS and iPadOS 14.2.

In total, the 14.2 update handles 24 security issues, and also brings 100 new emojis.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?