Security News > 2021 > January > Apple critical patches fix in-the-wild iPhone exploits – update now!

Apple critical patches fix in-the-wild iPhone exploits – update now!
2021-01-27 19:43

Apple, rather unusually in today's cybersecurity world, rarely announces that security fixes are on the way.

Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available.

The idea behind security patches that "Just show up" is that as soon as any update is announced or published, crooks and legitimate researchers alike start trying to work backwards from the fix in order to figure out the details of the underlying vulnerability and how it might be exploited.

The flipside of this approach, of course, is that all Apple security updates - even comparatively unimportant ones that close off minor vulnerabilities that Apple itself discovered privately - feel like emergency updates, because they always arrive so suddenly and unexpectedly.

Short emails from the Apple Product Security mailing list imply that the patches you are looking at were so important all on their own that they couldn't wait to be bundled into an update together with the other patches Apple was already working on.

CVE-2021-1782: an anonymous researcher WebKit --- Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch Impact: A remote attacker may be able to cause arbitrary code execution.


News URL

https://nakedsecurity.sophos.com/2021/01/27/apple-critical-patches-fix-in-the-wild-iphone-exploits-update-now/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-04-02 CVE-2021-1782 Improper Locking vulnerability in Apple products
A race condition was addressed with improved locking.
local
high complexity
apple CWE-667
7.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110