On November 5th of 2020 Apple has announced new iOS versions coming with few features such as new Emojis, however most importantly comes with urgent security patches for vulnerabilities which are currently being exploited in the wild. The primary security risk comes in form of remote code execution using maliciously crafted fonts or images allowing further exploitation of iPhones, iPads, Apple Watches, macOS Catalina & tvOS.
- The vulnerabilities have been publicly disclosed by Ben Hawkes the technical director of Google's Project Zero highlighting three distinct vulnerabilities, which when combined can lead to highly vulnerable attack on iOS devices:
- CVE-2020-27930 a code-execution vulnerability that attackers can trigger using maliciously crafted fonts
- CVE-2020-27950 which allows a malicious app to disclose kernel memory
- CVE-2020-27932 which is a bug allowing code to be run with highly privileged system rights.
- Fortunately as long as you have an iPhone 6s or later there is a fix available for you in form of the backported version of iOS 12.4.9 for the older devices and iOS 14.2 and iPadOS 14.2 for all the latest iPhones & iPads, macOS Catalina 10.15.7, tvOS 14.2 along with watchOS 5.3.8, 6.2.9, and 7.1,
- Shane Huntley of Google's Threat Analysis Group reassures the public that although those exploits were actually used in the wild they had no impact on the US presidential election so far.
Related Reading
- Someone just paid 23.5 ETH in fees for a $120 transaction via Metamask
- Brave Desktop Browser gets an update
- Bitcoin Network hash rate bounces back
- Scam Alert: Ledger SMS
- Ledger phishing emails
- WordPress auto update fiasco
- Bitcoin Network is getting clogged up
- Google discloses a Windows Zero-Day vulnerability
- New Chromium Zero-Day bug under exploitation in the wild
- Cyber Threat On The Rise
- Surfing the net a bit more securely
- Monero's Oxygen Orion Upgrade Successful
- Grants for d(apps) to be built on top of Raiden Network (L2)
Ongoing crypto free earn campaigns:
- Coinbase Learn & Earn up to $50 of EOS
- Brave Rewards in privacy respecting web browser