Apple has issued out-of-band patches for critical security issues affecting iPad, iPhone and iPod, which could allow remote code execution (RCE) and other attacks, completely compromising users’ systems. And, the computing giant thinks all of them may have already been exploited in the wild. Three of these are zero-day flaws, while one is an expanded patch for a fourth vulnerability. Apple keeps details of security problems close to the vest, “for our customers’ protection,” saving the blood and guts until after it investigates and manages to pump out patches or new releases. Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine. What data it does disclose can be found on its support page. Here’s a summary of the three zero-days: Zero-Day Bugs in WebKit CVE-2021-30665: A critical memory-corruption issue in the Safari WebKit engine where “processing maliciously crafted web content may lead to arbitrary code execution” was addressed with improved state management. Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). The bug was reported to Apple by three security researchers, nicknamed yangkang, zerokeeper and bianliang. CVE-2021-30663: This second flaw is also found in the open-source WebKit browser…
0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2021-05-04 12:16:002021-05-04 12:16:00Apple Fixes Zero‑Day Security Bugs Under Active Attack
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org