Apple has released security updates to fix several serious code execution vulnerabilities in its IOS and iPad OS mobile operating systems.
The IT giant has released IOS 14.3 and iPad OS 14.3 to address 11 security vulnerabilities, including code execution defects.
An attacker could use the most serious problem to execute malicious code on Apple iPhone and iPad via malicious font files. The vendor fixed two font resolution issues, cve-2020-27943 and cve-2020-27944.
“Processing a maliciously crafted font file may result in arbitrary code execution.” Read Apple’s security bulletin.
“Memory corruption in font file processing. This problem has been solved by improving input validation. “
Apple has also fixed two memory corruption vulnerabilities in the way that input in certain font files is verified, which can be used by threat participants to implement arbitrary code execution.
The company has fixed three separate security bugs (cve-2020-29617, cve-2020-29618, cve-2020-29619), which affect the imageio programming interface framework and can be used to execute arbitrary code via specially designed images.
The company has also solved the cross-border write problem, which could lead to arbitrary code execution by processing maliciously crafted audio files.
Apple finally fixed a logical problem in the app store that could cause the wrong domain to be displayed in the enterprise application installation.