Apple patches exploited zero-days in iOS and iPadOS

By

Targeted exploitation, but not election related.

Users are advised to apply Apple's recent iOS and iPadOS 14.2 security update as soon as possible, as it fixes three chained vulnerabilties that the company said are being exploited in the wild.

Apple patches exploited zero-days in iOS and iPadOS

The three vulnerabilities were discovered by Google's Project Zero researchers who reported them to Apple and are also handled in Apple's iOS 12.4.9 update.

One memory corruption bug allows attackers to use a maliciously crafted font to cause run arbitrary code on users' devices.

An exploited memory initialisation issue that allows malicious applications to read operating system kernel memory was also found by Project Zero.

The security researchers also found a type confusion problem in iOS and iPadOS that allows malicious applications to run arbitrary code with kernel privileges.

Google's Threat Analysis Group director Shane Huntley said the zero-day vulnerabilities were deployed against specific targets.

A Google bug hunting tool, the Open Source Software Fuzz (OSS-Fuzz) found remote code execution vulnerabilities in the libxml2 library, which are patched in iOS and iPadOS 14.2.

In total, the 14.2 update handles 24 security issues, and also brings 100 new emojis.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?