Important updates: Apple closes 0-day vulnerabilities









All iPhone users are strongly advised to update: to iOS 12.4.9 on older devices, and from iOS 13 to iOS 14.2.

Apple last updated iOS 12 in mid-July 2020. There were no known security holes, and the update felt as though the developers wanted to fix the worst bugs and stop maintaining the version. But last night a new version of iOS 12 appeared, along with updates for macOS Catalina, iOS 14 and tvOS 14.

There are four CVE entries in the security notes, the first of which is more annoying than dangerous: participants in a FaceTime group call may inadvertently send video without noticing. The other three vulnerabilities concern Kernel and FontParser and appear in each of yesterday's updates for macOS Catalina, iOS and iPadOS 14, watchOS 7.1, watchOS 5.3.9 and watchOS 6.2.9; only in tvOS 14.2 are these vulnerabilities missing. For the two kernel entries, Apple writes that it is aware of reports that these vulnerabilities are already being used in attacks "in the wild", i.e. against real end users, so they are true 0-day vulnerabilities. Incidentally, Google's security team, Google Project Zero, discovered all three bugs and reported them to Apple. The same bugs were also found in Chrome and Android.

It is currently unclear how many iOS users could be attacked through the discovered vulnerabilities. The FontParser bug allows remote execution of arbitrary code; theoretically, an iPhone could be attacked with an email, a message or a chat without the targeted user noticing.

The security company ZecOps also confirms having recorded attacks, primarily on Chrome. These have been taking place for at least two weeks. The fact that Apple updated watchOS 5 and 6 in addition to iOS 12 shows that the 0-day vulnerabilities were serious. iOS 13, by the way, has not been updated; if you are still on the old version, now is the best time to upgrade to iOS 14.2.
