Google’s “Project Zero” discovered the three bugs and is warning that hackers are actively, if selectively, exploiting them. Apple on Thursday released patches via the iOS 12.4.9 and iOS 14.2 updates, which can be applied to the iPhone 5s and later.
- CVE-2020-27930: This memory corruption flaw involves a “maliciously crafted font,” which can cause the iPhone software to execute computer code, such as code that downloads a hacker-controlled app. So it’s possible the vulnerability was used as the first stage in an attack, where the hacker sends a text message or email that contains the malicious font.
- CVE-2020-27932: This vulnerability can enable a hacker-controlled app on an iPhone to execute more computer code, this time with privileges to access the kernel, the core of the iOS operating system.
- CVE-2020-27950: By exploiting this vulnerability, a hacker-controlled app on an iPhone can trigger the iOS kernel to leak memory.