Apple emits emergency iOS security updates while warning holes may have been exploited in wild by hackers
2021-01-26 20:45

Apple today released software updates to patch vulnerabilities in iPhones and iPads that may have been exploited by miscreants to silently snoop on victims from afar.

Apple said it is "aware of a report that this issue may have been actively exploited." How would one inject malicious code into a device? Look no further than.... CVE-2021-1871, CVE-2021-1870: Also fixed in iOS 14.4 and iPadOS 14.4, a logic bug in WebKit that can be exploited by a malicious webpage - opened in, say, Safari - to execute arbitrary code.

Again, Apple is aware this may have been exploited in the wild.

The CVE-2021-1782 flaw is also fixed in tvOS 14.4, available for Apple TV 4K and Apple TV HD models, and watchOS 7.3, available for the Apple Watch Series 3 and later.

In addition to these fixes, Apple also emitted Xcode 12.4 that fixes CVE-2021-1800, a bug that can be exploited by malicious applications running on someone's Mac to access a user's personal files.

The iOS and iPadOS patches come a day after Google revealed North Korea's hackers had targeted information security researchers, luring them to a website that seemingly contained a Chrome zero-day exploit to infect their Windows PCs and offering them malware-infected Visual Studio project files.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/26/apple_ios_zero_days/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-02 | CVE-2021-1800 | Unspecified vulnerability in Apple Xcode. A path handling issue was addressed with improved validation. | local, low complexity, apple, 5.5 |
| 2021-04-02 | CVE-2021-1870 | A logic issue was addressed with improved restrictions. | network, low complexity, apple webkitgtk fedoraproject, critical, 9.8 |
| 2021-04-02 | CVE-2021-1871 | A logic issue was addressed with improved restrictions. | network, low complexity, apple debian fedoraproject, critical, 9.8 |
| 2021-04-02 | CVE-2021-1782 | Improper Locking vulnerability in Apple products. A race condition was addressed with improved locking. | local, high complexity, apple CWE-667, 7.0 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Apple | | 68 | 212 | 1433 | 2208 | 257 | 4110 |