Apple critical patches fix in-the-wild iPhone exploits – update now!
Apple, rather unusually in today's cybersecurity world, rarely announces that security fixes are on the way.
Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available.
The idea behind security patches that "just show up" is that as soon as any update is announced or published, crooks and legitimate researchers alike start trying to work backwards from the fix in order to figure out the details of the underlying vulnerability and how it might be exploited.
The flipside of this approach, of course, is that all Apple security updates - even comparatively unimportant ones that close off minor vulnerabilities that Apple itself discovered privately - feel like emergency updates, because they always arrive so suddenly and unexpectedly.
Short emails from the Apple Product Security mailing list imply that the patches you are looking at were so important all on their own that they couldn't wait to be bundled into an update together with the other patches Apple was already working on.
CVE-2021-1782: an anonymous researcher

WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch
Impact: A remote attacker may be able to cause arbitrary code execution.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-02 | CVE-2021-1782 | Improper Locking vulnerability in Apple products. A race condition was addressed with improved locking. | 7.0 |