Security News > 2020 > December > Apple Patches Code Execution Flaws in iOS and iPadOS

Apple Patches Code Execution Flaws in iOS and iPadOS
2020-12-14 19:23

Apple on Monday released a major point-upgrade to its flagship iOS and iPadOS mobile operating systems to patch a handful of serious security vulnerabilities.

The iOS 14.3 and iPadOS 14.3 release will provide cover for 11 documented security flaws, some serious enough to expose iPhones and iPads to code execution attacks.

Apple patched two separate memory corruption issues in the way input is validated in certain font files and warned that a successful exploit "May lead to arbitrary code execution."

Apple said it improved input validation to fix the ImageIO bugs, which allow code execution via booby-trapped images.

The iOS and iPadOS patches also cover a logic error in App Store that may cause an enterprise application installation prompt to display the wrong domain; and a fix for a CoreAudio issue that could cause code execution via maliciously crafted audio files.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/LAdJC4qOwYE/apple-patches-code-execution-flaws-ios-and-ipados

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349