Apple reports 2 iOS 0-days that let hackers compromise fully patched devices

  • Apple reports 2 iOS 0-days that let hackers compromise fully patched devices

    updated 1 week, 3 days ago 1 Member · 1 Post
  • Anonymous

    Member
    May 5, 2021 at 10:26 AM
    Up
    0
    Down

    Enlarge / The 2020 iPhone lineup. From left to right: iPhone 12 Pro Max, iPhone 12 Pro, iPhone 12, iPhone SE, and iPhone 12 mini. (credit: Samuel Axon)

    A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company has released a new update to patch two zero-days that allowed attackers to execute malicious code on fully up-to-date devices. Monday’s release of version 14.5.1 also fixes problems with a bug in the newly released App Tracking Transparency feature rolled out in the previous version.

    Both vulnerabilities reside in Webkit, a browser engine that renders Web content in Safari, Mail, App Store, and other select apps running on iOS, macOS, and Linux. CVE-2021-30663 and CVE-2021-30665, as the zero-days are tracked, have now been patched. Last week, Apple fixed CVE-2021-30661, another code-execution flaw in iOS Webkit, that also might have been actively exploited.

    “Processing maliciously crafted web content may lead to arbitrary code execution,” Apple said in its security notes, referring to the flaws. “Apple is aware of a report that this issue may have been actively exploited.” MacOS 11.3.1, which Apple also released on Monday, also fixed CVE-2021-30663 and CVE-2021-30665.

    Read 6 remaining paragraphs | Comments

    Visit the Source

Sort by:

Log in to reply.

Original Post
0 of 0 posts June 2018
Now

New Report

Close