
Apple fixes iOS zero-day vulnerability exploited in the wild


Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.

“Apple is aware of reports that an exploit for this issue exists in the wild,” the company said in a security advisory published today.

The vulnerability, tracked as CVE-2021-1879, was reported by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group.

The zero-day was found in the WebKit browser engine and allows attackers to launch universal cross-site scripting attacks after tricking targets into opening maliciously crafted web content on their devices.

The list of affected devices includes:

  • iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  • Apple Watch Series 3 and later

The zero-days were addressed by Apple earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.

Apple patched two other sets of iOS zero-days exploited in the wild in January 2021 and November 2020, reported by an anonymous researcher and Project Zero, Google’s 0day bug-hunting team.

In January, the company fixed a race condition bug in the iOS kernel (tracked as CVE-2021-1782) and two WebKit flaws (tracked as CVE-2021-1870 and CVE-2021-1871).

In November, Apple patched three other iOS zero-days—a remote code execution bug (CVE-2020-27930), a kernel memory leak (CVE-2020-27950), and a kernel privilege escalation flaw (CVE-2020-27932)—affecting iPhone, iPad, and iPod devices.

Project Zero recently revealed that a group of hackers used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.
