Security News > 2021 > January > Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild

Apple on Tuesday released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild.

The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them.

While the privilege escalation bug in the kernel was noted as a race condition that could cause a malicious application to elevate its privileges, the other two shortcomings - dubbed a "Logic issue" - were discovered in the WebKit browser engine, permitting an attacker to achieve arbitrary code execution inside Safari.

Apple said the race condition and the WebKit flaws were addressed with improved locking and restrictions, respectively.

Such an attack would involve delivering the malicious code simply by visiting a compromised website that then takes advantage of the aforementioned vulnerabilities to escalate its privileges and run arbitrary commands to take control of the device.

The updates are now available for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch, as well as Apple TV 4K and Apple TV HD. News of the latest zero-days comes after the company resolved three actively exploited vulnerabilities in November 2020 and a separate zero-day bug in iOS 13.5.1 that was disclosed as used in a cyberespionage campaign targeting Al Jazeera journalists last year.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Jn5sjgwdxxQ/apple-warns-of-3-ios-zero-day-security.html