Apple Fixed Serious Actively Exploited Zero-Day Bug With iOS 14.4.2

Heads up iOS users! Make sure to update your devices with the latest iOS version at the earliest. That’s because Apple has recently fixed a serious iOS zero-day bug that the attackers are actively exploiting.

Apple Zero-Day Under Attack Targeting iOS Users

Security researchers Clement Lecigne and Billy Leonard of Google Threat Analysis Group have caught a serious vulnerability in iOS devices.

Tracked as CVE-2021-1879, the vulnerability primarily resides in Apple’s WebKit browser engine.

What makes this bug more serious is that it attracted the attention of criminal hackers before the researchers or Apple. Thus, it went under attack even before Apple could know or address it.

Upon detecting the bug, the researchers reached out to Apple to report the matter. Consequently, the Cupertino giant investigated the vulnerability and admitted its exploitation in the wild besides patching it. As stated in their advisory,

Apple is aware of a report that this issue may have been actively exploited.

Whereas, describing the impact of the bug and the subsequent, the advisory reads,

Processing maliciously crafted web content may lead to universal cross site scripting… This issue was addressed by improved management of object lifetimes.

Patches Released For iPhones, iPads, and WatchOS

Apart from the recent iOS, the same zero-day bug also affects older devices such as the iPhone 5s. Also, this bug affects Apple Watch too.

Hence, Apple has fixed the vulnerability with the release of iOS 14.4.2 and iPadOS 14.4.2. The new updates are available for iPhone 6s and later, iPad Pro (all models), iPad 5th generation and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th gen).

Whereas, the tech giant has released the patch for older devices with iOS 12.5.2. This update applies to iPhone 6, iPhone 6 Plus, iPhone 5s, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th gen).

As for the Apple Watch users, they should update their wearables with watchOS 7.3.3. This update applies to Apple Watch Series 3 and later.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients