
Patch Your iOS Device against CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871

Apple recently addressed three zero-day vulnerabilities in iOS and iPadOS.

CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 could allow threat actors to perform privilege escalation and remote code execution attacks. The company says the vulnerabilities were likely exploited in the wild, without specifying the attacks’ extent.




More about the three Apple zero-days

The three vulnerabilities were reported by an anonymous researcher. Let’s see what we know about them so far.

CVE-2021-1782

This vulnerability affects the kernel in the following Apple devices: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). Apple’s description says that “a race condition was addressed with improved locking.”

If exploited, this zero-day could enable a malicious application to elevate privileges on a vulnerable device, so patching is highly recommended.

CVE-2021-1870 and CVE-2021-1871

These two bugs represent a logic issue that was addressed via improved restrictions. Affected are iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation).

These bugs resided in the WebKit browser engine and could allow an attacker to perform arbitrary code execution inside the Safari browser.

Apple users should take the time to review their devices’ security and check whether the patches have been applied.


Last year, security researchers disclosed a security flaw in Safari for iOS and Mac, which occurred due to Safari preserving the address bar of the URL when requested over an arbitrary port.

The issue was caused by malicious executable JavaScript code on a random website. The code made the browser update the address while the page loaded to another address chosen by the attackers.

Threat actors could arrange a malicious webpage and trick the victim into opening the link sent in a spoofed email or text message. This action would take the potential victim to malware or would steal their credentials.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
