Apple has just released its latest iOS 14.0 and iPadOS 14.0 for supported iPhone and iPad models. While there are tons of other reasons to make the upgrade, the iPhone maker has also fixed quite a few critical security flaws with today’s releases.
Apple doesn’t like to tag its security bugs with severity ratings, but take one look at the bugs below and you will know how serious they can turn out to be. From attackers being able to download malicious content to apps being able to see what other apps you have installed on your device, Apple has fixed some critical vulnerabilities with its latest release.
Here is the iPadOS 14 / iOS 14 security changelog
AppleAVD
Impact: An application may be able to cause unexpected system termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9958: Mohamed Ghannam (@_simo36)
Assets
Impact: An attacker may be able to misuse a trust relationship to download malicious content
Description: A trust issue was addressed by removing a legacy API.
CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs
Icons
Impact: A malicious application may be able to identify what other applications a user has installed
Description: The issue was addressed with improved handling of icon caches.
CVE-2020-9773: Chilik Tamir of Zimperium zLabs
IDE Device Support
Impact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network
Description: This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7.
CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen
IOSurfaceAccelerator
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)
Keyboard
Impact: A malicious application may be able to leak sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany
Model I/O
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Phone
Impact: The screen lock may not engage after the specified time period
Description: This issue was addressed with improved checks.
CVE-2020-9946: Daniel Larsson of iolight AB
Sandbox
Impact: A malicious application may be able to access restricted files
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9968: Adam Chester(@xpn) of TrustedSec
Siri
Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen
Description: A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management.
CVE-2020-9959: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, Andrew Goldberg The University of Texas at Austin, McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan Gulguler
WebKit
Impact: Processing maliciously crafted web content may lead to a cross site scripting attack
Description: An input validation issue was addressed with improved input validation.
CVE-2020-9952: Ryan Pickren (ryanpickren.com)
For more details on what’s new with iOS 14 and iPadOS 14, check out the release notes here.
The post Apple Releases iOS 14 / iPadOS 14 Security Changelog – Fixes Some Massive Vulnerabilities by Rafia Shaikh appeared first on Wccftech.
Powered by WPeMatico
