Security News > 2021 > March > Apple fixes a iOS zero-day vulnerability actively used in attacks
Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.
The zero-days were addressed by Apple earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.
"This update provides important security updates and is recommended for all users," Apple tells users who update to the latest iOS version.
Apple patched two other sets of exploited in the wild iOS zero-days in January 2021 and November 2020, reported by an anonymous researcher and Project Zero, Google's 0day bug-hunting team.
In November, Apple patched three other iOS zero-days-a remote code execution bug, a kernel memory leak, and a kernel privilege escalation flaw-affecting iPhone, iPad, and iPod devices.
Project Zero recently revealed that a group of hackers used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)