Security News > 2021 > March > Apple Patches Under-Attack iOS Zero-Day

Apple has shipped an urgent security update to fix a major security flaw affecting iPhone, iPad and Apple Watch devices alongside a warning that the vulnerability is being actively exploited in the wild.
The new iOS 14.4.2 was released on Friday with yet another band-aid for Apple's flagship iOS platform and the company said it was "Aware of reports that an exploit for this issue exists in the wild."
Apple is aware of a report that this issue may have been actively exploited.
Since January 2020, Apple has scrambled out patches for least 7 documented in-the-wild zero day attacks, mostly launched by nation-state backed threat actors.
Last week, Google released new details on a pair of exploit servers used by a sophisticated threat actor to hit users across multiple platforms, including exploits aimed squarely at Apple's IOS. The APT group effectively burned through at least 11 zero-days exploits in less than a year to conduct mass spying across a range of platforms and devices.
Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series.
News URL
http://feedproxy.google.com/~r/Securityweek/~3/78mCQlWAfWA/apple-patches-under-attack-ios-zero-day
Related news
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple warns 'extremely sophisticated attack' may be targeting iThings (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)