What code execution vulnerabilities does Apple fix in iOS and iPadOS?

Apple this week fixed multiple critical code execution vulnerabilities affecting its iOS and iPadOS mobile operating systems.

The IT giant released iOS 14.3 and iPadOS 14.3, which fixed 11 security vulnerabilities, including code execution vulnerabilities.

The most serious vulnerabilities in malicious font files can be exploited by attackers to execute malicious code on Apple iPhones and iPads. It is this manufacturer that has patched two font parsing vulnerabilities, CVE-2020-27943 and CVE-2020-27944.

Apple stated in the security advisory that these two vulnerabilities exist in the FontParser component and that there is memory corruption in the function of processing font files. The vulnerabilities have been fixed by optimizing input validation.

This time, Apple also fixed two memory corruption vulnerabilities. These two vulnerabilities exist in the input validation method of certain font files and can be used by attackers to execute arbitrary code.

The company has fixed three additional security vulnerabilities (CVE-2020-29617, CVE-2020-29618, CVE-2020-29619) affecting the ImageIO programming interface framework, which attackers can exploit with the help of specially constructed images. These vulnerabilities execute arbitrary code.

The company also fixed an out-of-bounds write vulnerability that could have been exploited by an attacker to execute arbitrary code via a maliciously crafted audio file.

Finally, Apple has resolved a logic flaw in the App Store that could have caused installations of enterprise apps to display domain errors.

The above is the detailed content of What code execution vulnerabilities does Apple fix in iOS and iPadOS?. For more information, please follow other related articles on the PHP Chinese website!