Security News > 2021 > September > Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!
Intriguingly, Apple also fixed another in-the-wild bug at the same time, dubbed CVE-2021-30858.
Even browsers such as Edge and Firefox, which usually use the Chromium and Gecko web rendering software respectively, have to use via WebKit instead, so WebKit security bugs can have widespread consequences on iPhones and iPads.
The CVE-2021-30858 bug is a use-after-free vulnerability, where a program hands back to the operating system memory that it no longer needs, so it can be used elsewhere.
With two apparently independent bugs in the wild at the same time, with little indication so far of what to watch out for in booby trapped PDF files or web pages, there's not much you can do.
HT212807: iOS 14.8 and iPadOS 14.8, fixing both bugs.
As far as we can tell, the Citizen Lab bug affects "All iPhones with iOS versions prior to 14.8", which we assume includes iOS 12, still officially supported by Apple.
News URL
Related news
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-24 | CVE-2021-30858 | Use After Free vulnerability in multiple products A use after free issue was addressed with improved memory management. | 8.8 |