Apple addressed multiple code execution flaws in iOS and iPadOS

This week Apple released security updates that fix multiple severe code execution vulnerabilities in its iOS and iPadOS mobile operating systems.

The IT giant released iOS 14.3 and iPadOS 14.3 to address eleven security vulnerabilities, including code execution flaws.

The most serious issue could be exploited by an attacker to execute malicious code on Apple iPhones and iPads via a malicious font file. The vendor fixed two font parsing issues tracked as CVE-2020-27943 and CVE-2020-27944.

“Processing a maliciously crafted font file may lead to arbitrary code execution,” reads the security advisory published by Apple.

“A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation.”

Apple also patched two memory corruption flaws in the way input in certain font files is validated; threat actors could exploit them to achieve arbitrary code execution.

The company fixed three separate security bugs (CVE-2020-29617, CVE-2020-29618, CVE-2020-29619) that affect the ImageIO framework and could be exploited to execute arbitrary code via specially crafted images.

The company also addressed an out-of-bounds write issue that may lead to arbitrary code execution by processing a maliciously crafted audio file.

Finally, Apple fixed a logic issue in the App Store that could cause an enterprise application installation to display the wrong domain.

Pierluigi Paganini

(SecurityAffairs – hacking, iPhones)
