Apple fixes yet more iOS zero-day security threats

Once again the vulnerabilities exist in the WebKit browser engine

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Applehas fixed several more zero-day vulnerabilities in itsiOSoperating systemwhich the company  says could have been “actively exploited" to break into older iOS devices.

In itssecurity advisory,Applesaid threat actors could exploit the two vulnerabilities, tracked as CVE-2021-30761 and CVE-2021-30762, through maliciously crafted web content that would trigger arbitrary code execution on unpatched devices

The vulnerabilities impact older iOS devices running iOS 12.5.4 according to the advisory, includingiPhone 5S, 6,6 Plus,iPad Air, theiPad Mini 2, andiPad Mini 3, and the 6th generationiPod touch.

Apple notes that while CVE-2021-30761 is a memory corruption issue, CVE-2021-30762 is a “use after free issue” and credits the discovery of both to anonymous researchers.

String of zero-days

String of zero-days

Bleeping Computernotes that Apple has fixed a string of zero-day vulnerabilities this year. Surprisingly many of the earlier ones concerned the WebKitweb browserengine as well.

Before patching these latest ones, Applepatched another two last month in May, which along with another vulnerability in late April also existed in WebKit.

Not surprisingly, just like these latest vulnerabilities, Apple had also previously acknowledged reports of the earlier zero-days being exploited in the wild as well.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In fact, as perBleeping Computerthe latest round of vulnerabilities bring the total number of iOS zero-days patched this year to nine, with most of them tagged as having been exploited in the wild.

The latest round of iOS fixes even prompted the US Cybersecurity and Infrastructure Security Agency (CISA) toput out an advisoryurging users to “apply the necessary updates.”

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

Quordle today – hints and answers for Saturday, November 9 (game #1020)