29 Mar, 2021

Zeroday Notice from Apple

Apple has released security updates to fix vulnerabilities in iPhone, iPad and Apple Waztch products. Cyber ​​threat actors can take control of the device by exploiting this vulnerability. It was announced that the vulnerability was closed by publishing the IoS 14.4.2 update.

The vulnerability, tracked as CVE-2021-1879, affects the code block of the WebKit component for the purposes that cyber threat actors can attack, causing an XSS attack in processing the web content. An attacker can insert arbitrary HTML and script code into the website. This will change the view and make it possible to initiate an attack against site visitors. The MITER ATT&CK project announces the attack technique as T1059.007. It's about a WebKit bug that could cause their attacks.

 

Security updates are required for the following devices;

  • iOS 12.5.2– Phone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch (6th generation)
  • iOS 14.4.2– iPhone 6s and later and iPod touch (7th generation)
  • iPadOS 14.4.2– iPad Pro (all models), iPad Air 2 and above, iPad 5th generation and above, iPad mini 4 and above
  • watchOS 7.3.3– Apple Watch Series 3 and later

 

Apple released 3 more ZeroDay vulnerabilities in January 2021 (CVE-2021-1782, CVE-2021-1870 and CVE-2021-1871)

Source:

https://support.apple.com/en-us/HT212258

https://support.apple.com/en-us/HT212257

https://support.apple.com/en-us/HT212256


To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.

About Content:
Share on Social Media:
Facebook
Twitter
LinkedIn
Telegram