Apple releases emergency iOS update to fix serious security issues

Apple says it’s aware of vulnerabilities

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Applehas released a new update to patch two zero-day vulnerabilities iniOS, which if exploited could allow hackers to execute malicious code, even on fully up-to-date devices.

The update comes a week afterApplerolled out themajor 14.5 updateto its iOS and iPadOS platforms.

Apple notes that both vulnerabilities originated in the Webkit browser engine that powers not just theSafariweb browser, but also Mail and the App Store oniOS devices.

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

Click here to start the survey in a new window«

Tracked as CVE-2021-30663 and CVE-2021-30665, both of the zero-day vulnerabilities have now been patched. However, in its security notes, Apple says it is aware of a report that these issues may have been actively exploited in the wild.

Going after Apple

Going after Apple

The two patched flaws follow another code-execution flaw Apple fixed last week, which also existed in the iOS Webkit and may have been actively exploited as well.

In its security notes, Apple says that the newly patched vulnerabilities could be weaponized by processing maliciously crafted web content, which would have led to arbitrary code execution.

The iPhone maker acknowledges that one of the vulnerabilities was discovered by security researchers from Chinese security firmQihoo 360. It credits the discovery of the other vulnerability to an anonymous researcher.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Interestingly, based on figures published byGoogle’s Project Zero,Ars Technica, deduces that the three recently patched iOS vulnerabilities bring the number of actively exploited zero-day vulnerabilities in iOS to seven.

It extrapolates this to suggest that this makes iOS the second most targeted software by zero-day vulnerabilities in 2021, behind Chrome, which leads the pack with eight zero-days.

ViaArs Technica

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)