Skip to main content

Apple fixes yet more iOS zero-day security threats

iphone
(Image credit: StockSnap / Pixabay)
Audio player loading…

Apple (opens in new tab) has fixed several more zero-day vulnerabilities in its iOS (opens in new tab) operating system which the company  says could have been “actively exploited" to break into older iOS devices.

In its security advisory (opens in new tab), Apple said threat actors could exploit the two vulnerabilities, tracked as CVE-2021-30761 and CVE-2021-30762, through maliciously crafted web content that would trigger arbitrary code execution on unpatched devices

The vulnerabilities impact older iOS devices running iOS 12.5.4 according to the advisory, including iPhone 5S (opens in new tab), 6, 6 Plus (opens in new tab), iPad Air (opens in new tab), the iPad Mini 2 (opens in new tab), and iPad Mini 3 (opens in new tab), and the 6th generation iPod touch (opens in new tab).

Apple notes that while CVE-2021-30761 is a memory corruption issue, CVE-2021-30762 is a "use after free issue" and credits the discovery of both to anonymous researchers.

String of zero-days

Bleeping Computer (opens in new tab) notes that Apple has fixed a string of zero-day vulnerabilities this year. Surprisingly many of the earlier ones concerned the WebKit web browser (opens in new tab) engine as well.

Before patching these latest ones, Apple patched another two last month in May (opens in new tab), which along with another vulnerability in late April also existed in WebKit.

Not surprisingly, just like these latest vulnerabilities, Apple had also previously acknowledged reports of the earlier zero-days being exploited in the wild as well. 

In fact, as per Bleeping Computer the latest round of vulnerabilities bring the total number of iOS zero-days patched this year to nine, with most of them tagged as having been exploited in the wild.

The latest round of iOS fixes even prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to put out an advisory (opens in new tab) urging users to “apply the necessary updates.”

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.