The update comes a week after Apple rolled out the major 14.5 update to its iOS and iPadOS platforms.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- Protect your devices with these best antivirus software
- Here's our choice of the best malware removal software on the market
- We’ve also rounded up the best ransomware protection tools
Tracked as CVE-2021-30663 and CVE-2021-30665, both of the zero-day vulnerabilities have now been patched. However, in its security notes, Apple says it is aware of a report that these issues may have been actively exploited in the wild.
Going after Apple
The two patched flaws follow another code-execution flaw Apple fixed last week, which also existed in the iOS Webkit and may have been actively exploited as well.
In its security notes, Apple says that the newly patched vulnerabilities could be weaponized by processing maliciously crafted web content, which would have led to arbitrary code execution.
The iPhone maker acknowledges that one of the vulnerabilities was discovered by security researchers from Chinese security firm Qihoo 360. It credits the discovery of the other vulnerability to an anonymous researcher.
Interestingly, based on figures published by Google’s Project Zero, Ars Technica, deduces that the three recently patched iOS vulnerabilities bring the number of actively exploited zero-day vulnerabilities in iOS to seven.
It extrapolates this to suggest that this makes iOS the second most targeted software by zero-day vulnerabilities in 2021, behind Chrome, which leads the pack with eight zero-days.
- Here's our list of the best business smartphones available
Via Ars Technica