15 June 2021

Apple fixes two iOS zero-days exploited in the wild


Apple has released security updates to patch three high-risk vulnerabilities in its iOS operating system, with two of the bugs being zero-day vulnerabilities that the Cupertino-based company says are being exploited in the wild.

The zero-days in question are CVE-2021-30761 and CVE-2021-30762. Both bugs affect the WebKit component in Apple iOS and allow remote code execution.

CVE-2021-30761 is a buffer overflow issue, which exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

CVE-2021-30762 is a use-after-free vulnerability, which exists due to a boundary error when processing HTML content within the WebKit component in Apple iOS. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the target system.

In addition, Apple has patched CVE-2021-30737, a buffer overflow bug in the ASN.1 decoder. The vulnerability exists due to a boundary error in the ASN.1 decoder when processing TLS certificates. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption with a specially crafted TLS certificate and execute arbitrary code on the system.

The iOS 12.5.4 update is intended for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). All users are advised to update their devices as soon as possible.

