Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs are part of a security update released Tuesday for iOS 14.4 and iPadOS 14.4. One bug, tracked as CVE-2021-1782, was found in the OS kernel, while the other two–CVE-2021-1870 and CVE-2021-1871–were discovered in the WebKit browser engine. The most recent vulnerabilities apparently weren’t known when Apple released iOS 14.2 and iPadOS 14.2, a comprehensive update that patched a total of 24 vulnerabilities back in November. That update included fixes for three zero-day flaws discovered by the Google Project Zero team that were actively being exploited in the wild. Attackers also may be actively taking advantage of the latest bugs, according to Apple. The company described the kernel flaw as a “a race condition” that the update addresses “with improved locking.” If exploited, the vulnerability can allow a malicious application to elevate privileges. The WebKit vulnerabilities are both logic issues that the update addresses with improved restrictions, according to Apple. Exploiting these flaws would allow a remote attacker “to cause arbitrary code execution,” the company said. All the zero-days and thus the fixes affect iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later,…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-01-27 07:21:002021-01-27 07:21:00Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org