Skip to main content

Apple releases emergency iOS update to fix serious security issues

The back of an iPhone
(Image credit: Future)
Audio player loading…

Apple (opens in new tab) has released a new update to patch two zero-day vulnerabilities in iOS (opens in new tab), which if exploited could allow hackers to execute malicious code, even on fully up-to-date devices.

The update comes a week after Apple rolled out the major 14.5 update (opens in new tab) to its iOS and iPadOS platforms.  

Apple notes that both vulnerabilities originated in the Webkit browser engine that powers not just the Safari web browser (opens in new tab), but also Mail and the App Store on iOS devices (opens in new tab).

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

Tracked as CVE-2021-30663 and CVE-2021-30665, both of the zero-day vulnerabilities have now been patched. However, in its security notes, Apple says it is aware of a report that these issues may have been actively exploited in the wild.

Going after Apple

The two patched flaws follow another code-execution flaw Apple fixed last week, which also existed in the iOS Webkit and may have been actively exploited as well. 

In its security notes, Apple says that the newly patched vulnerabilities could be weaponized by processing maliciously crafted web content, which would have led to arbitrary code execution.

The iPhone maker acknowledges that one of the vulnerabilities was discovered by security researchers from Chinese security firm Qihoo 360 (opens in new tab). It credits the discovery of the other vulnerability to an anonymous researcher. 

Interestingly, based on figures published by Google’s Project Zero, Ars Technica, deduces that the three recently patched iOS vulnerabilities bring the number of actively exploited zero-day vulnerabilities in iOS to seven.

It extrapolates this to suggest that this makes iOS the second most targeted software by zero-day vulnerabilities in 2021, behind Chrome, which leads the pack with eight zero-days.

Via Ars Technica (opens in new tab)

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.