27 January 2021

Apple addresses three iOS zero days exploited in the wild


Apple has released security updates for iOS and iPadOS designed to fix three dangerous vulnerabilities that may have been exploited in real-world attacks.

The three zero days are CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871. The first flaw affects the iOS operating system kernel. It exists due to a race condition in the Kernel component. A remote attacker can use a malicious application to escalate privileges on the system.

The other two flaws (CVE-2021-1871, CVE-2021-1870) impact the WebKit component and are described as a logic issue that allows a remote attacker to execute code by tricking a user into visiting a malicious website.

The above vulnerabilities affect Apple iOS versions 14.0, 14.1, 14.2, 14.3, and iPadOS v14.0, 14.1, 14.2, 14.3. The issues were addressed in iOS 14.4 and iPadOS 14.4. Apple did not provide additional details on how widespread the attack was, or who might have been behind it.

In November last year, the iPhone maker patched three actively exploited vulnerabilities in iOS (CVE-2020-27930, CVE-2020-27950, CVE-2020-27932). In December, Citizen Lab reported that a zero day bug in iOS was used to target Al Jazeera journalists.

