Apple addresses three actively exploited zero-day vulnerabilities in iOS: Update immediately

Source: HW Upgrade added 06th Nov 2020

These three vulnerabilities, used together, can allow remote compromise of iOS devices. No details are available on the attackers, the victims, or the aims of the attacks.

by Andrea Bai, published at 09:00 in the Apple channel

Apple has released a security update for the iOS mobile operating system aimed at fixing three zero-day vulnerabilities that were found to be actively exploited in attacks on some iPhone users. It is unclear whether the vulnerabilities were exploited in sweeping attacks or in operations against specific targets, but in any case iOS users are advised to update immediately to iOS version 14.2.

Three 0-day vulnerabilities on iOS: update now!

The vulnerabilities are as follows:

  • CVE-2020-27930: remote code execution vulnerability in the iOS FontParser component, which may allow attackers to execute code remotely on iOS devices
  • CVE-2020-27932: elevation of privilege vulnerability in the iOS kernel that could allow attackers to run malicious code with kernel-level privileges
  • CVE-2020-27950: memory leak in the iOS kernel that allows attackers to retrieve contents from the kernel memory of an iOS device

The vulnerabilities were discovered by Google’s Project Zero team, which reports that the same security bugs have also been fixed in iPadOS 14.2 and watchOS 5.3.8, 6.2.9 and 7.1; patches have also been released for older-generation iPhones and are included in iOS 12.4.9.

No other information has been disclosed, such as who the attackers or their targets may be. However, it is believed that the three vulnerabilities may have been used together, as part of an attack chain, to compromise iPhone devices remotely.

Updates, as usual, are available through the “Software update” mechanism built into all devices running the operating systems mentioned above.