Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day (Security News, July 2021)
iPhone users, drop what you're doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities - some of which are remotely exploitable - and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS. Unfortunately, you aren't getting a fix for the flaw that makes your iPhone easy prey for Pegasus spyware.
A local attacker may be able to execute code on the Apple T2 Security Chip due to multiple logic issues in IOKit.
An application may be able to execute arbitrary code with kernel privileges due to logic issues in state management and double free issues in the kernel.
A malicious application may be able to bypass Privacy preferences due to entitlement issues in Kext Management.
A malicious application or sandboxed process may be able to break out of its sandbox or restrictions due to environment sanitization and access restriction issues in LaunchServices.
A malicious application may be able to bypass certain Privacy preferences due to a logic issue in TCC.
Processing maliciously crafted web content may lead to arbitrary code execution due to type confusion, use after free, and memory corruption issues in WebKit.
News URL
https://threatpost.com/apple-iphone-pegasus-zero-day/168040/