You are currently viewing Apple Patches Critical Zero-Days Vulnerabilities Exploited in the Wild

Apple Patches Critical Zero-Days Vulnerabilities Exploited in the Wild

  • Post author:
  • Reading time:11 mins read

Apple released security updates for multiple products, with their patches for critical zero-days vulnerabilities including Safari, Xcode, tvOS, watchOS, iOS, iPadOS, and iTunes. A total of 30 vulnerabilities are addressed, including Arbitrary Code Execution, Denial of Service, Privilege Escalation, Sandbox Escape, and Information Disclosure.  Out of these 30 CVEs, 14 vulnerabilities are considered very critical which was shown on their vulnerability scans as they allow an attacker to execute arbitrary code. This is showing itself due to the vulnerability scanning.

On Thursday, Apple took action to address three critical Zero-Day vulnerabilities actively exploited in the wild. These vulnerabilities, identified as CVE-2021-30858, CVE-2021-30860, and CVE-2021-30869, have an impact on a broad range of iPhone and iPad models, including iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and the sixth-generation iPod touch.


Zero-day vulnerabilities Summary:

Zero-Day (CVE-2021-30869) Get related keyphrases(Opens in a new browser tab)
A critical zero-day vulnerability exploited in the wild was found in the XNU operating system kernel and reported by Erye Hernandez and Clément Lecigne of Google Threat Analysis Group and Ian Beer of Google Project Zero. Successful exploitation of the vulnerability leads to arbitrary code execution with kernel privileges on compromised devices.
Affected Products: iPhone and iPad models, iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch.
Solution: iOS 12.5.5

Zero-Day ( CVE-2021-30860)

Another zero-day vulnerability was discovered by Citizen Lab, an interdisciplinary laboratory at the University of Toronto’s Munk School of Global Affairs. The vulnerability, exploited in the wild, affected the CoreGraphics feature of iOS. Successful vulnerability exploitation allows attackers to execute arbitrary code on a target device through maliciously crafted PDFs.
Affected Products: iPhone and iPad models, iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch.The Apple patch for critical zero day vulnerability is

Solution: iOS 12.5.5
Zero-Day (CVE-2021-30858)
Finally, there is one more critical zero-day vulnerability exploited in the wild, affecting the WebKit feature of iOS. Successful exploitation leads to arbitrary code execution.
Affected Products: iPhone and iPad models, Phone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and sixth-generation iPod touch.
Solution: iOS 12.5.5


Apple Security Updates Summary :







SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.


Share this article