Security News > 2020 > November > Apple patches three actively exploited iOS zero-days
Apple has patched today three iOS zero-day vulnerabilities actively exploited in the wild and affecting iPhone, iPad, and iPod devices.
The zero-days were addressed by Apple earlier today, with the release of iOS 14.2, the mobile OS's latest stable version.
The third actively exploited bug is a kernel privilege escalation flaw caused by a type confusion issue that makes it possible for malicious applications to execute arbitrary code with kernel privileges.
Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild.
The Project Zero researchers also disclosed an elevation of privileges zero-day in the Windows kernel exploited in the wild, affecting all versions between Windows 7 and Windows 10.
News URL
https://www.bleepingcomputer.com/news/security/apple-patches-three-actively-exploited-ios-zero-days/
Related news
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)