Apple released security updates to fix multiple severe code execution vulnerabilities in its iOS and iPadOS mobile operating systems.
The IT giant released iOS 14.3 and iPadOS 14.3 to address eleven security vulnerabilities, including code execution flaws.
The most serious issue could be exploited by an attacker to execute malicious code on Apple iPhones and iPads via a malicious font file. The vendor fixed two font parsing issues tracked as CVE-2020-27943 and CVE-2020-27944.
“Processing a maliciously crafted font file may lead to arbitrary code execution,” reads the security advisory published by Apple.
“A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.”
Apple also patched two memory corruption flaws that reside in the way input in certain font files is validated; threat actors could exploit them to achieve arbitrary code execution.
The company fixed three separate security bugs (CVE-2020-29617, CVE-2020-29618, CVE-2020-29619) that affect the ImageIO programming interface framework and could be exploited to execute arbitrary code via specially crafted images.
The company also addressed an out-of-bounds write issue that may lead to arbitrary code execution by processing a maliciously crafted audio file.
Finally, Apple fixed a logic issue in the App Store that can cause enterprise application installation to display the wrong domain.
(SecurityAffairs – hacking, iPhones)