Published on: 06 November 2020
Apple has released iOS 14.2, iPadOS 14.2 and iOS 12.4.9 to fix multiple vulnerabilities in various Apple devices. The list of vulnerabilities can be found at:
https://support.apple.com/en-us/HT211929
https://support.apple.com/en-us/HT211940
Reports indicate that the vulnerabilities (CVE-2020-27930, CVE-2020-27932, CVE-2020-27950) are being exploited in the wild. You are advised to take immediate action to patch the affected systems to mitigate the elevated risk of cyber attacks.
A successful attack could lead to arbitrary code execution, escalation of privilege, information disclosure, security restriction bypass or unexpected system termination.
Apple has released new versions of iOS and iPadOS to address these issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/en-us/HT211929
https://support.apple.com/en-us/HT211940
https://www.hkcert.org/my_url/en/alert/20110602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9974
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10002 (to CVE-2020-10004)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27902
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27905
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27909 (to CVE-2020-27912)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27916 (to CVE-2020-27918)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27925 (to CVE-2020-27927)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27930
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27950