Apple closed three critical vulnerabilities with the iOS 14.4, iPadOS 14.4 and tvOS 14.4 updates it released last night. Security vulnerabilities in Apple products are usually not a cause for much concern, but this time may be different. These zero-day vulnerabilities allow malicious individuals to remotely control Apple devices.
Although the updates close the gaps, Apple did not make a detailed statement on the subject.
Three vulnerabilities patched by Apple allow remote control
The zero-day vulnerabilities (CVE-2021-1782, CVE-2021-1870 and CVE-2021-1871), reported by an anonymous researcher, allow attackers to escalate their privileges on Apple devices and to execute code remotely on the device. Although Apple made a statement on the subject, it shared no data on how widespread the attack was or how many active users were affected.
The kernel vulnerability (CVE-2021-1782) allows a malicious application to elevate its privileges on the device. The other two vulnerabilities (CVE-2021-1870 and CVE-2021-1871), described as logic issues in the WebKit browser engine, allow an attacker to execute code in Safari.
Apple closed the zero-day vulnerabilities with the updates released yesterday. However, details of the vulnerabilities are unlikely to be made public until the patches are widely applied. Although there is no exact information yet, the vulnerabilities may have been combined in a chain.
The attack occurs when a user visits a compromised website. A user who visits the site cannot prevent malicious code from reaching the device, and the attacker takes control.
This type of attack previously targeted Al Jazeera journalists. Although that vulnerability was closed with iOS 13.5.1, the return of the problem has raised questions.
You can read Apple's statement on the subject here for iOS and iPadOS, and here for tvOS.