Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild

1 month ago 57

Apple connected Monday shipped out-of-band information patches to code 2 zero-day vulnerabilities successful iOS 12.5.3 that it says are being actively exploited successful the wild.

Stack Overflow Teams

The latest update, iOS 12.5.4, comes with 3 information fixes, including a representation corruption contented successful the ASN.1 decoder (CVE-2021-30737) and 2 flaws concerning the WebKit browser motor that could beryllium abused to execute distant codification execution —

  • CVE-2021-30761 - A representation corruption contented that could beryllium exploited to summation arbitrary codification execution erstwhile processing maliciously crafted web content. The flaw was addressed with improved authorities management.
  • CVE-2021-30762 - A use-after-free contented that could beryllium exploited to summation arbitrary codification execution erstwhile processing maliciously crafted web content. The flaw was resolved with improved representation management.

Both CVE-2021-30761 and CVE-2021-30762 were reported to Apple anonymously, with the Cupertino-based institution stating successful its advisory that it's alert of reports that the vulnerabilities "may person been actively exploited." As is usually the case, Apple didn't stock immoderate specifics connected the quality of the attacks, the victims that whitethorn person been targeted, oregon the menace actors that whitethorn beryllium abusing them.

One happening evident, however, is that the progressive exploitation attempts were directed against owners of older devices specified arsenic iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod interaction (6th generation). The determination mirrors a akin hole that Apple rolled retired connected May 3 to remediate a buffer overflow vulnerability (CVE-2021-30666) successful WebKit targeting the aforesaid acceptable of devices.

Prevent Data Breaches

Along with the 2 aforementioned flaws, Apple has patched a full of 12 zero-days affecting iOS, iPadOS, macOS, tvOS, and watchOS since the commencement of the twelvemonth —

  • CVE-2021-1782 (Kernel) - A malicious exertion whitethorn beryllium capable to elevate privileges
  • CVE-2021-1870 (WebKit) - A distant attacker whitethorn beryllium capable to origin arbitrary codification execution
  • CVE-2021-1871 (WebKit) - A distant attacker whitethorn beryllium capable to origin arbitrary codification execution
  • CVE-2021-1879 (WebKit) - Processing maliciously crafted web contented whitethorn pb to cosmopolitan cross-site scripting
  • CVE-2021-30657 (System Preferences) - A malicious exertion whitethorn bypass Gatekeeper checks
  • CVE-2021-30661 (WebKit Storage)- Processing maliciously crafted web contented whitethorn pb to arbitrary codification execution
  • CVE-2021-30663 (WebKit) - Processing maliciously crafted web contented whitethorn pb to arbitrary codification execution
  • CVE-2021-30665 (WebKit) - Processing maliciously crafted web contented whitethorn pb to arbitrary codification execution
  • CVE-2021-30666 (WebKit) - Processing maliciously crafted web contented whitethorn pb to arbitrary codification execution
  • CVE-2021-30713 (TCC framework) - A malicious exertion whitethorn beryllium capable to bypass Privacy preferences

Users of Apple devices are recommended to update to the latest versions to mitigate the hazard associated with the vulnerabilities.


Found this nonfiction interesting? Follow THN connected Facebook, Twitter and LinkedIn to work much exclusive contented we post.

Read Entire Article