Apple emits emergency iOS security updates while warning holes may have been exploited in wild by hackers
Apple today released software updates to patch vulnerabilities in iPhones and iPads that may have been exploited by miscreants to silently snoop on victims from afar.
Apple said it is "aware of a report that this issue may have been actively exploited." How would one inject malicious code into a device? Look no further than... CVE-2021-1871, CVE-2021-1870: Also fixed in iOS 14.4 and iPadOS 14.4, a logic bug in WebKit that can be exploited by a malicious webpage - opened in, say, Safari - to execute arbitrary code.
Again, Apple is aware this may have been exploited in the wild.
The CVE-2021-1782 flaw is also fixed in tvOS 14.4, available for Apple TV 4K and Apple TV HD models, and watchOS 7.3, available for the Apple Watch Series 3 and later.
In addition to these fixes, Apple also emitted Xcode 12.4 that fixes CVE-2021-1800, a bug that can be exploited by malicious applications running on someone's Mac to access a user's personal files.
The iOS and iPadOS patches come a day after Google revealed North Korea's hackers had targeted information security researchers, luring them to a website that seemingly contained a Chrome zero-day exploit to infect their Windows PCs and offering them malware-infected Visual Studio project files.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/01/26/apple_ios_zero_days/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-02 | CVE-2021-1800 | Unspecified vulnerability in Apple Xcode. A path handling issue was addressed with improved validation. | 4.3 |
2021-04-02 | CVE-2021-1870 | A logic issue was addressed with improved restrictions. | 9.8 |
2021-04-02 | CVE-2021-1871 | A logic issue was addressed with improved restrictions. | 9.8 |
2021-04-02 | CVE-2021-1782 | Improper Locking vulnerability in Apple products. A race condition was addressed with improved locking. | 7.0 |