Apple released security updates to fix multiple severe code execution vulnerabilities in its iOS and iPadOS mobile operating systems.
The IT giant released iOS 14.3 and iPadOS 14.3 version to address eleven security vulnerabilities, including code execution flaws.
The most serious issue could be exploited by an attacker to execute malicious code on Apple iPhones and iPads via a malicious font file. The vendor fixed two font parsing issues tracked CVE-2020-27943 and CVE-2020-27944.
“Processing a maliciously crafted font file may lead to arbitrary code execution.” reads the security advisory publishes by Apple.
“A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.”
Apple also patched two memory corruption flaws that reside in the way input in certain font files is validated, threat actors could exploit them to achieve arbitrary code execution.
The company fixed three separate security bugs (CVE-2020-29617, CVE-2020-29618, CVE-2020-29619) that affect the ImageIO programming interface framework and which could be exploited to execute arbitrary code via specially-crafted images.
The company also addressed an out-of-bounds write issue that may lead to arbitrary code execution by processing a maliciously crafted audio file.
Apple finally fixed a logic issue in App Store that can lead enterprise application installation into displaying the wrong domain.
(SecurityAffairs – hacking, iPhones)