
Apple Releases iOS 14 / iPadOS 14 Security Changelog – Fixes Some Massive Vulnerabilities

By Rafia Shaikh

Apple has just released its latest iOS 14.0 and iPadOS 14.0 for supported iPhone and iPad models. While there are tons of other reasons to make the upgrade, the iPhone maker has also fixed quite a few critical security flaws with today's releases.

Apple doesn't like to tag its security bugs with severity ratings, but take one look at the bugs below and you will know how serious they can turn out to be. From attackers being able to download malicious content to apps being able to see what other apps you have installed on your device, Apple has fixed some critical vulnerabilities with its latest release.

Here is the iPadOS 14 / iOS 14 security changelog

AppleAVD

Impact: An application may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2020-9958: Mohamed Ghannam (@_simo36)

Assets

Impact: An attacker may be able to misuse a trust relationship to download malicious content

Description: A trust issue was addressed by removing a legacy API.

CVE-2020-9979: CodeColorist of Ant-Financial LightYear Labs

Icons

Impact: A malicious application may be able to identify what other applications a user has installed

Description: The issue was addressed with improved handling of icon caches.

CVE-2020-9773: Chilik Tamir of Zimperium zLabs

IDE Device Support

Impact: An attacker in a privileged network position may be able to execute arbitrary code on a paired device during a debug session over the network

Description: This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7.

CVE-2020-9992: Dany Lisiansky (@DanyL931), Nikias Bassen

IOSurfaceAccelerator

Impact: A local user may be able to read kernel memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-9964: Mohamed Ghannam (@_simo36), Tommy Muir (@Muirey03)

Keyboard

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved state management.

CVE-2020-9976: Rias A. Sherzad of JAIDE GmbH in Hamburg, Germany

Model I/O

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-9973: Aleksandar Nikolic of Cisco Talos

Phone

Impact: The screen lock may not engage after the specified time period

Description: This issue was addressed with improved checks.

CVE-2020-9946: Daniel Larsson of iolight AB

Sandbox

Impact: A malicious application may be able to access restricted files

Description: A logic issue was addressed with improved restrictions.

CVE-2020-9968: Adam Chester (@xpn) of TrustedSec

Siri

Impact: A person with physical access to an iOS device may be able to view notification contents from the lockscreen

Description: A lock screen issue allowed access to messages on a locked device. This issue was addressed with improved state management.

CVE-2020-9959: an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, an anonymous researcher, Andrew Goldberg The University of Texas at Austin, McCombs School of Business, Meli̇h Kerem Güneş of Li̇v College, Sinan Gulguler

WebKit

Impact: Processing maliciously crafted web content may lead to a cross site scripting attack

Description: An input validation issue was addressed with improved input validation.

CVE-2020-9952: Ryan Pickren (ryanpickren.com)

For more details on what's new with iOS 14 and iPadOS 14, check out the release notes here.
