Apple Patches Three Zero-day Vulnerabilities in iOS, iPadOS and TvOS

Apple has released fixes for three zero-day vulnerabilities in it iOS, iPadOS and tvOS that may have already been exploited by hackers in real attacks. The nature of the attacks, their scale and who is the organizer, Apple does not specify.

All three vulnerabilities (CVE-2021-1782, CVE-2021-1870 and CVE-2021-1871) were discovered by an anonymous security researcher and fixed in iOS 14.4 and iPadOS 14.4 for iPhone 6s and newer, iPad Air 2 and newer , iPad Mini 4 and later, and iPod touch 7th generation. Patches have also been released for Apple TV 4K and Apple TV HD.

CVE-2021-1782: Kernel race condition vulnerability. With its help, the application can increase its privileges on the system.

CVE-2021-1870 and CVE-2021-1871: Logical errors in the WebKit browser engine. Their successful exploitation allows remote code execution.

It is possible that attackers exploit these vulnerabilities in a bundle to carry out watering hole attacks. Such attacks involve infecting the victim's device with malware through compromised sites. Using the above vulnerabilities, the malware can escalate its privileges and execute arbitrary commands to gain control over the device.

Previous Post Next Post