Severity Rating: High
Software Affected
Apple iOS versions prior to iOS 12.5 (iPhone 5s, iPhone 6, iPhone 6 Plus,
iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation))
Apple iOS versions prior to iOS 14.3 (for iPhone 5s, iPhone 6, iPhone 6
Plus, iPhone 6s and later, iPod touch (6th generation and 7th generation))
Apple iPadOS versions prior to 14.3 (for iPad Air, iPad mini 2, iPad mini
3, iPad Air 2 and later, iPad mini 4 and later)
Overview
Multiple vulnerabilities have been reported in Apple iOS and iPadOS which
could be exploited by an attacker to execute arbitrary code, disclose
sensitive information, bypass security restrictions or display wrong domain
on a targeted system.
Description
These vulnerabilities exist due to improper input validation, improper
state management, improper bound checking or improper memory management
issues in Security, App Store, CoreAudio, FontParser, ImageIO andWebRTC
components of Apple iOS and iPadOS.
Successful exploitation of these vulnerabilities could allow the attacker
to execute arbitrary code, disclose sensitive information, bypass security
restrictions or display wrong domain on a targeted system.
Solution
Apply appropriate updates as mentioned in the Apple Security Updates
Vendor Information
Apple
References
Apple
CVE Name
CVE-2020-27951
CVE-2020-29613
CVE-2020-27948
CVE-2020-27946
CVE-2020-27943
CVE-2020-27944
CVE-2020-29617
CVE-2020-29619
CVE-2020-29618
CVE-2020-29611
CVE-2020-15969
About Cert Advisory
We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.