Security News > 2020 > September > Apple Bug Allows Code Execution on iPhone, iPad, iPod

Apple Bug Allows Code Execution on iPhone, iPad, iPod
2020-09-17 20:23

Apple has updated its iOS and iPadOS operating systems, which addressed a wide range of flaws in its iPhone, iPad and iPod devices.

In total, Apple addressed 11 bugs in products and components, including AppleAVD, Apple Keyboard, WebKit and Siri.

According to researchers at IBM's X-Force, one of the most significant bugs patched by Apple is a privilege-escalation vulnerability impacting Apple iOS and iPadOS. Tracked as CVE-2020-9992, the vulnerability could be exploited if a target were tricked into opening a specially crafted file.

Apple traced the bug to an unidentified integrated drive electronics component, which are the interfaces used to pass data from a device's motherboard to the device's storage component.

Apple describes Xcode as "a complete developer toolset for creating apps for Mac, iPhone, iPad, Apple Watch and Apple TV.".


News URL

https://threatpost.com/apple-bug-code-execution-iphone/159332/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-10-16 CVE-2020-9992 Unspecified vulnerability in Apple Iphone OS
This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7.
local
low complexity
apple
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110