image
Apple has issued out-of-band patches for critical security issues affecting iPad, iPhone and iPod, which could allow remote code execution (RCE) and other attacks, completely compromising users’ systems. And, the computing giant thinks all of them may have already been exploited in the wild. Three of these are zero-day flaws, while one is an expanded patch for a fourth vulnerability. Apple keeps details of security problems close to the vest, “for our customers’ protection,” saving the blood and guts until after it investigates and manages to pump out patches or new releases. Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine. What data it does disclose can be found on its support page. Here’s a summary of the three zero-days: Zero-Day Bugs in WebKit CVE-2021-30665: A critical memory-corruption issue in the Safari WebKit engine where “processing maliciously crafted web content may lead to arbitrary code execution” was addressed with improved state management. Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). The bug was reported to Apple by three security researchers, nicknamed yangkang, zerokeeper and bianliang. CVE-2021-30663: This second flaw is also found in the open-source WebKit browser…

Source