In its security advisory, Apple said threat actors could exploit the two vulnerabilities, tracked as CVE-2021-30761 and CVE-2021-30762, through maliciously crafted web content that would trigger arbitrary code execution on unpatched devices
The vulnerabilities impact older iOS devices running iOS 12.5.4 according to the advisory, including iPhone 5S, 6, 6 Plus, iPad Air, the iPad Mini 2, and iPad Mini 3, and the 6th generation iPod touch.
- Check our list of the best firewall apps and services
- Also check our roundup of the best privacy apps for Android
- Shield yourself with these best identity theft protection services
Apple notes that while CVE-2021-30761 is a memory corruption issue, CVE-2021-30762 is a "use after free issue" and credits the discovery of both to anonymous researchers.
String of zero-days
Before patching these latest ones, Apple patched another two last month in May, which along with another vulnerability in late April also existed in WebKit.
Not surprisingly, just like these latest vulnerabilities, Apple had also previously acknowledged reports of the earlier zero-days being exploited in the wild as well.
In fact, as per Bleeping Computer the latest round of vulnerabilities bring the total number of iOS zero-days patched this year to nine, with most of them tagged as having been exploited in the wild.
The latest round of iOS fixes even prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to put out an advisory urging users to “apply the necessary updates.”
- We’ve also compiled a list of the best Android antivirus apps
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.