Security News > 2021 > May > Apple fixes 2 iOS zero-day vulnerabilities actively used in attacks
Today, Apple has released security updates that fix two actively exploited iOS zero-day vulnerabilities in the Webkit engine used by hackers to attack iPhones, iPads, iPods, macOS, and Apple Watch devices.
"Apple is aware of a report that this issue may have been actively exploited," the company said in multiple security advisories published today.
Webkit is Apple's browser rendering engine that is required to be used by all mobile web browsers in iOS and other applications that render HTML, such as Apple Mail and the App Store.
The zero-days were addressed by Apple earlier today in the iOS 14.5.1, iOS 12.5.3, macOS Big Sur 11.3.1, and the watchOS 7.4.1 updates.
"This update fixes an issue with App Tracking Transparency where some users who previously disabled Allow Apps to Request to Track in Settings may not receive prompts from apps after re-enabling it," stated Apple in their iOS 14.5.1 release notes.
Apple has been dealing with a stream of actively exploited zero-day vulnerabilities over the past few months, with one fixed in macOS last month and numerous other iOS vulnerabilities fixed in the previous months.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)