Home > Cyber News > Patch Your iOS Device against CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871
CYBER NEWS

Patch Your iOS Device against CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871

by   |  Last Update:  |  0 Comments  

Apple recently addressed three zero-day vulnerabilities in iOS, iPadOS.

CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871 could allow threat actors to perform privilege escalation and remote code execution attacks. The company says the vulnerabilities were likely exploited in the wild, without specifying the attacks’ extent.




More about the three Apple zero-days

The three vulnerabilities were reported by an anonymous researcher. Let’s see what we know about them so far.

CVE-2021-1782

It is noteworthy that this vulnerability affects the kernel in the following Apple devices: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation). Apple’s description says that “a race condition was addressed with improved locking.”

If exploited, this zero-day could enable a malicious application to elevate privileges on a vulnerable device, so patching is highly recommended.

CVE-2021-1870 and CVE-2021-1871

These two bugs represent a logic issue that was addressed via improved restrictions. Affected are iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation).

These bugs resided in the WebKit browser engine and could allow an attacker to perform arbitrary code execution inside the Safari browser.

Apple users should take the time to revise their devices’ security and see whether the patches are applied.

Last year, security researchers disclosed a security flaw in Safari for iOS and Mac, which occurred due to Safari preserving address bar of the URL when requested over an arbitrary port.”

The issue was caused by using malicious executable JavaScript code on a random website. The code made the browser update the address while the page loads to another address chosen by the attackers.

Threat actors could arrange a malicious webpage and trick the victim into opening the link sent in a spoofed email or text message. This action would take the potential victim to malware or would steal their credentials.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Patch Your iOS Device against CVE-2021-30761, CVE-2021-30762 To the attention of Apple users – the company recently...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. iOS CVE-2021-30807 Zero-Day Exploited in the Wild, Patch Now A zero-day vulnerability in iOS, iPadOS, and macOS was just...
  4. CVE-2022-32917: Actively Exploited Zero-Day in macOS and iOS This week Apple released an emergency update to address a...
  5. July 2021 Patch Tuesday: Actively Exploited CVE-2021-34448 Fixed Microsoft Windows July 2021 Patch Tuesday just rolled out, patching...
  6. CVE-2021-30860: Fix Your Apple Device against the FORCEDENTRY Zero-Day There’s a new zero-day, zero-click vulnerability in all types of...
  7. Apple ID Phishing Scam — WHAT IS IT + How to Remove This article has been created in order to explain to...
  8. The Most Exploited Vulnerabilities in 2021 Include CVE-2021-44228, CVE-2021-26084 Which were the most routinely exploited security vulnerabilities in 2021?...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree