Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day

iPhone users, drop what you're doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities - some of which are remotely exploitable - and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS. Unfortunately, you aren't getting a fix for the flaw that makes your iPhones easy prey for Pegasus spyware.
A local attacker may be able to execute code on the Apple T2 Security Chip due to multiple logic issues in IOKit.
An application may be able to execute arbitrary code with kernel privileges due to logic issues in state management and double free issues in the kernel.
A malicious application may be able to bypass Privacy preferences due to entitlement issues in Kext Management.
A malicious application or sandboxed process may be able to break out of its sandbox or restrictions due to environment sanitization and access restriction issues in LaunchServices.
A malicious application may be able to bypass certain Privacy preferences due to a logic issue in TCC.
Processing maliciously crafted web content may lead to arbitrary code execution due to type confusion, use after free, and memory corruption issues in WebKit.
News URL
https://threatpost.com/apple-iphone-pegasus-zero-day/168040/