With the release of iOS 14.4 and iPadOS 14.4, Apple has patched three previously undisclosed security flaws. As per its support page, these security flaws might have been actively exploited in the wild.
These security flaws, applicable to iPhone, iPod touch, and iPad running iOS 14.3 and prior versions of the operating system, were related to the Kernel, and WebKit, the rendering engine used by Safari and other browsers in iOS. One security issue was related to the Kernel and two were to WebKit.
Zero-day exploits fixed in iOS 14.4, Apple reports that they were actively exploited before patch
These zero-day exploits were reported by an anonymous researcher. So far, no public information is available for any of them, however, Apple has shared that the issues would have let malicious apps access elevated privileges, and attackers could remotely cause arbitrary code execution.
These are the details shared by Apple for now. The support page mentions that additional details will be available soon. Disclosing more information will be hopeful so organizations can check if they were on the receiving end of these exploits and faced any attacks.
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
It’s always a cat and mouse game between companies Apple and hackers looking to exploits security flaws. The stakes have been raised as state-backed malicious actors have been trying to use flaws to steal information and spy on people. The recent iMessage flaw that allowed journalists’ iPhones to be hacked by Israeli spyware was an eye-opener.
Read more:
1 comment
Comments are closed.