
Apple: Update closes three 0-day vulnerabilities

With emergency updates, Apple is closing 3 zero-day vulnerabilities in iOS and iPadOS that are active targets of attacks and affect the majority of its products.

Affected are iPhones from the 6s onward, the iPad Air 2 and later, the iPad mini 4 and its subsequent models, and the latest generation of the iPod Touch, while the Apple Watch and Apple TV are also vulnerable.

The first flaw, tracked as CVE-2021-1782 and located in the OS kernel, is a race condition bug that could lead to an escalation of privilege, which could be exploited by an attacker using a malicious application. In plain English, this means that an attacker could use the application to gain additional privileges in the device’s operating system, which would allow them to wreak all kinds of havoc.

Meanwhile, the other two security flaws, indexed as CVE-2021-1871 and CVE-2021-1870, reside in the WebKit component, Apple’s open-source web browser engine used by the Safari browser, Mail, and various other iOS and iPadOS apps. According to the bug’s description, it stems from “a logic issue” that could be exploited by a remote attacker and allow them to execute arbitrary code. According to Vulmon, the duo of flaws could be exploited “by persuading a victim to visit a specially crafted Web site.”
