Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.
“Apple is aware of a report that this issue may have been actively exploited.,” the company said in a security advisory published today.
The vulnerability tracked as CVE-2021-1879 was reported by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group.
The zero-day was discovered in the Webkit browser engine and allows attackers to launch universal cross-site scripting attacks after tricking targets into opening maliciously crafted web content on their devices.
Also Read: Compliance Course Singapore: Spotlight On The 3 Offerings
The list of affected devices includes:
The zero-days were addressed by Apple earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.
“This update provides important security updates and is recommended for all users,” Apple tells users who update to the latest iOS version.
Apple patched two other sets of exploited in the wild iOS zero-days in January 2021 and November 2020, reported by an anonymous researcher and Project Zero, Google’s 0day bug-hunting team.
In January, the company fixed a race condition bug in the iOS kernel (tracked as CVE-2021-1782) and two WebKit flaws (tracked as CVE-2021-1870 and CVE-2021-1871).
In November, Apple patched three other iOS zero-days—a remote code execution bug (CVE-2020-27930), a kernel memory leak (CVE-2020-27950), and a kernel privilege escalation flaw (CVE-2020-27932)—affecting iPhone, iPad, and iPod devices.
Also Read: Considering Enterprise Risk Management Certification Singapore? Here Are 7 Best Outcomes
Project Zero recently revealed that a group of hackers used 11 zero-days in attacks targeting Windows, iOS, and Android users within a single year.
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.