Security News > 2021 > June > Apple fixes ninth zero-day bug exploited in the wild this year
Apple has fixed two iOS zero-day vulnerabilities that "May have been actively exploited" to hack into older iPhone, iPad, and iPod devices.
Webkit is a browser rendering engine used by Apple web browsers and applications to render HTML content on desktop and mobile platforms, including iOS, macOS, tvOS, and iPadOS. Attackers could exploit the two vulnerabilities using maliciously crafted web content that would trigger arbitrary code execution after being loaded by the targets on unpatched devices.
"Apple is aware of a report that this issue may have been actively exploited," Apple said when describing the two iOS 12.5.4 vulnerabilities.
Since March, we've seen a neverending stream of zero-day bugs-nine of them in total-showing up in Apple's security advisories, most of them also tagged as having been exploited in attacks.
Last month, Apple patched a macOS zero-day used by the XCSSET malware to bypass Apple's TCC protections designed to safeguard its users' privacy.
Apple also addressed three zero-days in May, bugs found in the Webkit engine allowing arbitrary remote code execution on vulnerable devices simply by visiting malicious websites.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)