An Apple zero-day vulnerability being actively exploited in the wild has been patched up in updates for the iPhone, iPad, and the Apple Watch.
As the month comes to an end, the iPhone maker has addressed another zero-day vulnerability that was impacting the Apple iPhones iPads, and the Apple watches.
Patching the Zero-day:
The Apple zero-day, traced as CVE-2021-1879, is a consequence of a WebKit browser engine flaw that facilitates malicious actors with the ability to design malicious web content that can launch universal cross-site scripting attacks on victims.
The tech giant, taking note of the zero-day vulnerability, stated that the vulnerability was addressed by improved management of object lifetimes.
Clement Lecigne and Billy Leonard of Google’s Threat Analysis Group have been credited for detecting and reporting the zero-day vulnerability.
Details regarding the exact threats posed by the flaw are yet to be published by Apple however, the iPhone maker has noted that they are informed of the reports that the zero-day may have been actively exploited.
Updates addressing the Apple zero-day are available for the following devices:
- iOS 12.5.2 – Phone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
- iOS 14.4.2 – iPhone 6s and later, and iPod touch (7th generation)
- iPadOS 14.4.2 – iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later
- watchOS 7.3.3 – Apple Watch Series 3 and later
Apple’s zero-day trends:
It is observed that this is the second Apple vulnerability that has been patched this month. The vulnerability, tracked as CVE-2021-1844, is another WebKit browser engine flaw that was deployed as a security fix for this earlier this month.
In January 2021, Apple had addressed three zero-day vulnerabilities, traced as CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871, that enabled a malicious to elevate privileges and achieve remote code execution.
Apple users have been recommended updating their respective devices to evade any security hazard stemming from the zero-day vulnerability.