This week, US giant Apple released an urgent security update aimed at fixing three vulnerabilities for its iOS and iPadOS operating systems. According to Apple, previously unknown flaws can be used together to access users’ personal data and other types of digital threats.
The vulnerabilities, which have been dubbed “CVE-2021-1780”, “CVE-2021-1781” and “CVE-2021-1782”, pose a major risk to user privacy. The first two are related to the WebKit engine, used by the Safari browser. While the latter refers to the system’s kernel and can elevate the privileges of a process, authorizing actions not allowed by the user.
This type of flaw, also known as “zero-day”, occurs when hackers gain access to the process of developing an operating system before its release and, thus, take the opportunity to insert malicious code that can be exploited in future virtual crimes.
In this context, Kaspersky’s senior security analyst in Brazil, Fabio Assolini, explains some of the risks that a system affected by vulnerabilities may be subject to.
Assolini details that despite Apple’s protection measures, there are still threats that can compromise the privacy of your system: “There is an effective method of infection – the so-called Drive-By-Download attack. A target just needs to visit a web page prepared with an exploit that will use the vulnerability in the operating system to carry out the invasion, “comments.
He adds that the problem is a critical flaw because it is dealing with an exploit and can thus allow a complete invasion of the system. In this scenario, cybercriminals can gain access to all users’ personal data, including messengers with end-to-end encryption, location history and e-mails. Assolini is assertive about the case: “fixing the vulnerability is the best way to fight the attack.”
The security update, recommended by Apple, is urgent for users looking for greater security and is now available for iOS and iPadOS devices, starting with iPhone 6 and iPad Air 2.