Three new Zero-Day vulnerabilities patch released by Apple.
Exploited in the wild:
On Tuesday, Apple released updates for iOS 14.4, iPadOS 14.4, and tvOS for three Zero-Day vulnerabilities — exploited in the wild.
The three Zero-Day vulnerability ID’s are:
Importantly, these vulnerabilities could have allowed an attacker to elevate privileges and achieve remote code execution.
However, the webkit flaws described as a “logic issue” — permitting an attacker to achieve arbitrary code execution inside Safari.
Apple said the race condition and the WebKit flaws were addressed with improved locking and restrictions, respectively.
However, official details about the attacks where these vulnerabilities were used were not made public, as is typical with most Apple zero-day disclosures these days.
In short, install the patch updates for the below devices available:
- iPhone 6s and later
- iPad Air 2 and later
- iPod touch (7th generation)
- iPad mini 4 and later
- as well as Apple TV 4K and Apple TV HD.