Security News > 2020 > November > Apple patches three actively exploited iOS zero-days
Apple has patched today three iOS zero-day vulnerabilities actively exploited in the wild and affecting iPhone, iPad, and iPod devices.
The zero-days were addressed by Apple earlier today, with the release of iOS 14.2, the mobile OS's latest stable version.
The third actively exploited bug is a kernel privilege escalation flaw caused by a type confusion issue that makes it possible for malicious applications to execute arbitrary code with kernel privileges.
Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild.
The Project Zero researchers also disclosed an elevation of privileges zero-day in the Windows kernel exploited in the wild, affecting all versions between Windows 7 and Windows 10.
News URL
https://www.bleepingcomputer.com/news/security/apple-patches-three-actively-exploited-ios-zero-days/
Related news
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)