Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Zero-Day Vulnerabilities in iOS
Alerts

Zero-Day Vulnerabilities in iOS

6 November 2020

Apple has released security updates for iOS to patch three zero-day vulnerabilities. There have been reports of active exploitation of these vulnerabilities.

The vulnerabilities are:

•  CVE-2020-27930 — a remote code execution issue in the iOS FontParser component that lets attackers run code remotely on iOS devices.
•  CVE-2020-27932 — a privilege escalation vulnerability in the iOS kernel that lets attackers run malicious code with kernel-level privileges.
•  CVE-2020-27950 — a memory leak in the iOS kernel that allows attackers to retrieve content from an iOS device's kernel memory.

These vulnerabilities have been fixed in iOS 14.2, iPadOS 14.2 and watchOS 5.3.8, 6.2.9, and 7.1, and have also been backported for older generation iPhones via iOS 12.4.9.

iOS users are advised to install the latest security updates immediately.

References:
https://support.apple.com/en-us/HT211929
https://www.zdnet.com/article/apple-fixes-three-ios-zero-days-exploited-in-the-wild/

Back to top