Apple releases November 2020 security updates for macOS, iOS (multiple vulnerabilities exploited in wild)

Apple releases November 2020 security updates for macOS, iOS (multiple vulnerabilities exploited in wild)

Apple has released security updates to fix vulnerabilities in macOS Catalina 10.15.7, iOS 14.2 and other products. Multiple vulnerabilities have been reported exploited in the wild.

A hacker could exploit some of these vulnerabilities to take control of affected devices.

iOS and iPadOS 14.2

The latest iOS 14.2 and iPadOS 14.2 security update addresses 24 vulnerabilities on November 5, 2020.

The vulnerabilities impact iPhone 6s and later, iPod touch 7th generation, iPad Air 2 and later, and iPad mini 4 and later.

One of the most notable updates addresses a Kernel vulnerability CVE-2020-27932 exploited in the wild. The flaw could allow a malicious application to execute arbitrary code with kernel privileges.

“Apple is aware of reports that an exploit for this issue exists in the wild,” Apple warned in the advisory.

Furthermore, Apple patched a second FontParser vulnerability CVE-2020-27930 exploited in the wild.

To add, another iOS vulnerability CVE-2020-27902 affects Keyboard authentication vulnerability.

“A person with physical access to an iOS device may be able to access stored passwords without authentication,” Apple stated.

Previously, Apple added new Privacy features for iOS 14.0. For example, you will see a new recording feature (on top right of screen) that displays whether an app is using your microphone or camera.

Furthermore, Apple also added new information on the App Store to help iPhone users understand the privacy practices of every app before they download them.

macOS security updates

Apple released macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update on November 5 that addresses three vulnerabilities.

Apple confirmed all three of the macOS vulnerabilities are being exploited in the wild.

Two of those are kernel vulnerabilities CVE-2020-27932 and CVE-2020-27950. The third addresses a FontParser vulnerability CVE-2020-27930.

watchOS 7.1

The latest Apple Watch 7.1 security update addresses 18 vulnerabilities that impact Apple Watch Series 3 and later models.

Similar to the iOS updates, Apple also addressed the same Kernel vulnerability CVE-2020-27932 and FontParser vulnerability CVE-2020-27930 exploited in the wild.

Other Apple products

Finally, Apple fixed a number of vulnerabilities in other Apple products to include:

Readers can also check out the Apple Security Updates page for all the latest updates.

Related Articles