Security News > 2021 > March > Apple Patches Under-Attack iOS Zero-Day

Apple has shipped an urgent security update to fix a major security flaw affecting iPhone, iPad and Apple Watch devices alongside a warning that the vulnerability is being actively exploited in the wild.
The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple's flagship iOS platform and the company said it was "Aware of reports that an exploit for this issue exists in the wild."
Apple is aware of a report that this issue may have been actively exploited.
Since January 2020, Apple has scrambled out patches for least 7 documented in-the-wild zero day attacks, mostly launched by nation-state backed threat actors.
Last week, Google released new details on a pair of exploit servers used by a sophisticated threat actor to hit users across multiple platforms, including exploits aimed squarely at Apple's IOS. The APT group effectively burned through at least 11 zero-days exploits in less than a year to conduct mass spying across a range of platforms and devices.
Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series.
News URL
http://feedproxy.google.com/~r/Securityweek/~3/78mCQlWAfWA/apple-patches-under-attack-ios-zero-day
Related news
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Global Pressure Mounts for Apple as Brazilian Court Demands iOS Sideloading Within 90 Days (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)