Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
#1
Information 
Quote:Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited.
 
The newly patched bugs are part of a security update released Tuesday for iOS 14.4 and iPadOS 14.4. One bug, tracked as CVE-2021-1782, was found in the OS kernel, while the other two–CVE-2021-1870 and CVE-2021-1871–were discovered in the WebKit browser engine.
 
The most recent vulnerabilities apparently weren’t known when Apple released iOS 14.2 and iPadOS 14.2, a comprehensive update that patched a total of 24 vulnerabilities back in November. That update included fixes for three zero-day flaws discovered by the Google Project Zero team that were actively being exploited in the wild.
 
Attackers also may be actively taking advantage of the latest bugs, according to Apple. The company described the kernel flaw as a “a race condition” that the update addresses “with improved locking.” If exploited, the vulnerability can allow a malicious application to elevate privileges.
 
The WebKit vulnerabilities are both logic issues that the update addresses with improved restrictions, according to Apple. Exploiting these flaws would allow a remote attacker “to cause arbitrary code execution,” the company said.
 
All the zero-days and thus the fixes affect iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation), according to Apple. Security experts believe the three are part of an exploit chain attackers can use to escalate privileges and compromise a device after its unsuspecting user falls victim to a malicious website leveraging the WebKit flaw.

Read more: https://threatpost.com/apple-patches-zer...te/163374/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
NanaZip 6.5 Update (6.5.1767.0)
NanaZip 6.5 Update...harlan4096 — 19:15
Microsoft Edge 150 Adds Google Account S...
Microsoft has adde...harlan4096 — 10:26
Free Download Manager 6.34.2.6926
Changes in 6.34.2....harlan4096 — 09:37
Bitdefender 27.0.60.341
Latest version of ...harlan4096 — 09:34
Microsoft Edge 150.0.4078.48
Version 150.0.4078...harlan4096 — 09:33

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>