In the latest developments, Apple has patched up another set of zero-day vulnerabilities in an iOS 12.5.4 update, that were being actively exploited in the wild. These Apple Zero Day vulnerabilities were detected and reported by anonymous security researchers.
Two zero-days vulnerabilities:
The two Apple zero-day vulnerabilities tracked as CVE-2021-30761 and CVE-2021-30762, are a result of memory corruption and use after free in the WebKit browser engine, respectively. Both of these vulnerabilities were detected and reported by anonymous security researchers.
WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all iOS web browsers to provide HTML content.
“Apple is aware of a report that this issue may have been actively exploited,” states Apple when addressing the two iOS 12.5 Apple zero-day vulnerabilities.
- CVE-2021-30761 – A memory corruption issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was addressed with improved state management.
- CVE-2021-30762 – A use-after-free issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content. The flaw was resolved with improved memory management.
Security experts are of the opinion that these two Apple zero-day bugs could be potentially exploited by using specially architectured web content that would prompt arbitrary code execution following the loading by targets on unpatched devices.
The devices that were affected due to the zero-days were the older iPhones (iPhone 5s, iPhone 6, iPhone 6 Plus), iPads (iPad Air, iPad mini 2, iPad mini 3), and the iPod touch (6th generation).
Also read,
2021- An Apple Zero-Day Saga
The year 2021 has witnessed Apple patched a range of zero-days, with a majority of them being reported as getting exploited in the wild.
A list of the Apple zero-days that have been addressed and patched up since the start of the year is as follows:
- CVE-2021-1782 (Kernel) – A malicious application may be able to elevate privileges
- CVE-2021-1870 (WebKit) – A remote attacker may be able to cause arbitrary code execution
- CVE-2021-1871 (WebKit) – A remote attacker may be able to cause arbitrary code execution
- CVE-2021-1879 (WebKit) – Processing maliciously crafted web content may lead to universal cross-site scripting
- CVE-2021-30657 (System Preferences) – A malicious application may bypass Gatekeeper checks
- CVE-2021-30661 (WebKit Storage) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30663 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30665 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30666 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
- CVE-2021-30713 (TCC framework) – A malicious application may be able to bypass Privacy preferences.