You are currently viewing Apple Patches Critical Zero-Days Vulnerabilities Exploited in the Wild

Apple Patches Critical Zero-Days Vulnerabilities Exploited in the Wild

Apple released security updates for multiple products, including Safari, Xcode, tvOS, watchOS, iOS, iPadOS, and iTunes. There are a total of 30 vulnerabilities addressed, including Arbitrary Code Execution, Denial of Service, Privilege Escalation, Sandbox Escape, and Information Disclosure. Out of these 30 CVEs, 14 vulnerabilities are considered very critical as they allow an attacker to execute arbitrary code.

On Thursday, Apple patched three critical Zero-Day vulnerabilities which were being exploited in the wild. These vulnerabilities can be tracked as CVE-2021-30858, CVE-2021-30860, and CVE-2021-30869 and impact a wide range of iPhone and iPad models, including iPhone 5s iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and sixth-generation iPod touch.


Zero-day vulnerabilities Summary:

Zero-Day (CVE-2021-30869)
A critical zero-day vulnerability exploited in the wild was found in the XNU operating system kernel and reported by Erye Hernandez and Clément Lecigne of Google Threat Analysis Group and Ian Beer of Google Project Zero. Successful exploitation of the vulnerability leads to arbitrary code execution with kernel privileges on compromised devices.
Affected Products: iPhone and iPad models, iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch.
Solution: iOS 12.5.5

Zero-Day ( CVE-2021-30860)

Another zero-day vulnerability was discovered by Citizen Lab, an interdisciplinary laboratory at the University of Toronto’s Munk School of Global Affairs. The vulnerability, exploited in the wild, affected the CoreGraphics feature of iOS. Successful vulnerability exploitation allows attackers to execute arbitrary code on a target device through maliciously crafted PDFs.
Affected Products: iPhone and iPad models, iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch.
Solution: iOS 12.5.5
Zero-Day (CVE-2021-30858)
Finally, there is one more critical zero-day vulnerability exploited in the wild, affecting the WebKit feature of iOS. Successful exploitation leads to arbitrary code execution.
Affected Products: iPhone and iPad models, Phone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch.
Solution: iOS 12.5.5


Apple Security Updates Summary :







SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.


Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments