On Thursday, Apple released security updates addressing three zero-day vulnerabilities that it says are being actively exploited in the wild. The patches, shipped for iOS, iPadOS, macOS, and watchOS, fix flaws in the FontParser component and the kernel. Together, these vulnerabilities could allow an attacker to execute arbitrary code remotely and, from there, obtain kernel-level privileges to run malicious programs.

The zero-days were identified by Google's Project Zero security research team, which reported them to Apple. In its statement, Apple acknowledged the reports of exploitation and confirmed that the vulnerabilities posed a significant risk, but withheld further details so that users would install the updates promptly and limit their exposure.

The impacted devices encompass a wide range of Apple products, including the iPhone 5s and subsequent models, the 6th and 7th generation iPod touch, various iPad models starting from iPad Air and iPad mini 2, and all Apple Watch Series from the first generation onward. The updates, which include versions iOS 12.4.9 and 14.2, iPadOS 14.2, watchOS 5.3.9, 6.2.9, and 7.1, as well as a supplemental update for macOS Catalina 10.15.7, are now available for users to install.

According to Apple’s security bulletin, the vulnerabilities can be summarized as follows: CVE-2020-27930 describes a memory corruption issue in the FontParser library that opens the door for remote code execution when handling specially crafted fonts. CVE-2020-27950 involves a memory initialization flaw allowing malicious applications to execute arbitrary code with elevated privileges, while CVE-2020-27932 pertains to a type-confusion issue that enables disclosure of kernel memory by malicious applications.

Shane Huntley, Director of Google's Threat Analysis Group, characterized the situation as targeted exploitation in the wild and emphasized that it is not related to any election-centric attacks. This disclosure continues a run of zero-day findings by Google's Project Zero, which has reported multiple vulnerabilities since mid-October, including a recent Chrome zero-day in the FreeType font rendering library and a Windows zero-day, pointing to a growing trend of active exploitation of such flaws.

As organizations and users assess the risks posed by these threats, it is useful to map them to the MITRE ATT&CK framework. The identified vulnerabilities suggest tactics such as initial access through exploitation, privilege escalation via vulnerable software components, and persistence techniques that a compromised application might use to remain undetected. Users and organizations should stay vigilant and update their systems promptly to curb potential malicious activity.

As more information emerges about the broader implications of these vulnerabilities and whether they could be interconnected with previously reported incidents, the urgency for software updates cannot be overstated. Business owners are encouraged to prioritize security patches and educate their teams on recognizing potential threats, ensuring that their defenses remain robust against ever-evolving cyber risks.
