Apple has recently rolled out the latest iOS update for users. The update, iOS 14.4, patches three serious zero-days that were actively exploited against Apple devices. Update your devices to the latest versions now.
Three Apple Zero-Days Under Exploit
An anonymous security researcher has reported three actively exploited zero-days to Apple.
As elaborated in their security update, one of these, CVE-2021-1782, existed in the kernel. Exploiting this bug could allow an adversary to gain elevated privileges on the target device. Describing this bug, the advisory reads,
A race condition was addressed with improved locking.
The other two bugs, CVE-2021-1870 and CVE-2021-1871, affected WebKit. Exploiting these vulnerabilities could lead to arbitrary code execution. Describing these bugs, Apple stated,
A logic issue was addressed with improved restrictions.
For now, Apple hasn’t revealed any further details about the bugs, to give all users maximum time to update their devices. Yet, they have admitted that the bugs may have been exploited in the wild. In such a scenario, it is even more important to withhold the technical details to avoid any further increase in exploitation.
The tech giant has fixed these bugs with the release of iOS 14.4 and iPadOS 14.4.
Since the bugs are under active attack, all users should update their devices to the latest version as soon as possible. These updates are available for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th gen).
Earlier, in November 2020, Apple addressed three other zero-days that had caught the attention of a Google security researcher. These bugs could lead to remote code execution, memory leak, and privilege escalation.
Apple fixed those bugs with the release of iOS 14.2. That time too, both the vendor and the researcher kept the details veiled to avoid any further exploitation of the flaws.