Apple critical patches fix in-the-wild iPhone exploits – update now!
2021-01-27 19:43

Apple, rather unusually in today's cybersecurity world, rarely announces that security fixes are on the way.

Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available.

The idea behind security patches that "just show up" is that as soon as any update is announced or published, crooks and legitimate researchers alike start trying to work backwards from the fix in order to figure out the details of the underlying vulnerability and how it might be exploited.

The flipside of this approach, of course, is that all Apple security updates - even comparatively unimportant ones that close off minor vulnerabilities that Apple itself discovered privately - feel like emergency updates, because they always arrive so suddenly and unexpectedly.

Short emails from the Apple Product Security mailing list imply that the patches you are looking at were so important all on their own that they couldn't wait to be bundled into an update together with the other patches Apple was already working on.

CVE-2021-1782: an anonymous researcher

WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch
Impact: A remote attacker may be able to cause arbitrary code execution.


News URL

https://nakedsecurity.sophos.com/2021/01/27/apple-critical-patches-fix-in-the-wild-iphone-exploits-update-now/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-02 | CVE-2021-1782 | Improper Locking vulnerability in Apple products. A race condition was addressed with improved locking. (local; high complexity; apple; CWE-667) | 7.0 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 138 584 4213 1628 2414 8839