Security News > 2021 > January > Apple fixes three actively exploited iOS zero-days
Apple has release a new batch of security updates and has fixed three iOS zero-days that "May have been actively exploited" by attackers.
Two of the zero-day vulnerabilities are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running a vulnerable version of iOS or iPadOS. The third zero-day affects the operating systems' kernel.
It's unknown whether the attacks are targeted or widespread. Apple has noted that additional details will be available soon.
In the meantime, users are advised to update their devices to plug the exploited iOS zero-days.
In the last six months, similar iOS zero-days have been leveraged in targeted attacks flagged by the Google Threat Analysis Group and Citizen Lab.
Apple has also released a security update for iCloud for Windows that fixes four vulnerabilities that may lead to arbitrary code execution or heap corruption, and Xcode, its integrated development environment for macOS, which fixes a path handling issue that could allow a malicious application to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZELGqckBb6A/
Related news
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Apple fixes this year’s first actively exploited zero-day bug (source)
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple plugs security hole in its iThings that's already been exploited in iOS (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)