Security News > 2021 > January > Apple fixes three actively exploited iOS zero-days

Apple has release a new batch of security updates and has fixed three iOS zero-days that "May have been actively exploited" by attackers.
Two of the zero-day vulnerabilities are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running a vulnerable version of iOS or iPadOS. The third zero-day affects the operating systems' kernel.
It's unknown whether the attacks are targeted or widespread. Apple has noted that additional details will be available soon.
In the meantime, users are advised to update their devices to plug the exploited iOS zero-days.
In the last six months, similar iOS zero-days have been leveraged in targeted attacks flagged by the Google Threat Analysis Group and Citizen Lab.
Apple has also released a security update for iCloud for Windows that fixes four vulnerabilities that may lead to arbitrary code execution or heap corruption, and Xcode, its integrated development environment for macOS, which fixes a path handling issue that could allow a malicious application to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZELGqckBb6A/
Related news
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU (source)