State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Apple iOS Zero-Day Vulnerabilities Exploited in the Wild

NJCCIC Alert

Original Release Date: 11/12/2020

Summary

Apple has patched three actively exploited iOS zero-day vulnerabilities. CVE-2020-27930 is a remote code execution flaw triggered by a memory corruption issue. CVE-2020-27950 is a memory initialization flaw, which causes a kernel memory leak that may allow malicious applications to gain access to kernel memory. CVE-2020-27932 is a kernel privilege escalation flaw, a type confusion issue that allows malicious applications to run arbitrary code with kernel privileges. Affected devices include iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later. Google’s Project Zero researchers who identified the flaws indicated that these vulnerabilities were used in targeted attacks.

Recommendations

The NJCCIC recommends users of affected iOS devices to update to iOS and iPadOS 14.2 immediately. Further details can be found in the Bleeping Computer article.

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.