Three zero-day flaws in Apple iOS, iPadOS, and tvOS, tracked as CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871, could have allowed an attacker to achieve remote code execution and elevated privileges.

While Apple has already released updates for the three zero-day flaws in iOS, iPadOS, and tvOS, the company did not say how widespread the attack was or reveal who was exploiting the flaws in the wild.

The flaws, which were reported by an anonymous researcher, include a privilege escalation bug in the kernel (CVE-2021-1782) that could allow a malicious application to elevate its privileges, and two flaws discovered in the WebKit browser engine (CVE-2021-1870 and CVE-2021-1871), which could permit an attacker to achieve arbitrary code execution in Safari.

Apple's fixes for the Zero-Day Security Vulnerabilities in iOS, iPadOS, and tvOS



Apple announced the zero-day security vulnerabilities in iOS, iPadOS, and tvOS after the patches had been released and widely applied. The kernel race condition has been addressed with improved locking, and the WebKit flaws with improved restrictions.



The patches and fixes released for the Zero-Day Security Vulnerabilities in iOS, iPadOS, and tvOS are as follows.

  • iOS 14.4 and iPadOS 14.4

    Kernel

    Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation).

    Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

    Description: A race condition was addressed with improved locking.

    CVE-2021-1782: an anonymous researcher.

    WebKit



    Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation).

    Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

    Description: A logic issue was addressed with improved restrictions.

    CVE-2021-1871: an anonymous researcher. CVE-2021-1870: an anonymous researcher.

  • tvOS 14.4

    Kernel

    Available for: Apple TV 4K and Apple TV HD.

    Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

    Description: A race condition was addressed with improved locking.

    CVE-2021-1782: an anonymous researcher.



These updates are available for iPhone 6s and later, iPad mini 4 and later, iPad Air 2 and later, and iPod touch (7th generation), as well as Apple TV HD and Apple TV 4K.
