These were the 15th zero-days targeting macOS and iOS, according to the technology news site SecurityWeek.
Apple has released patches for two zero-day flaws in its iOS and macOS operating systems, warning that these are being actively exploited.
The site, which tracks zero-day attacks, said there had been 64 attacks this year. Twenty have targeted Microsoft products.
The flaws were in the CoreGraphics and WebKit components of the two operating systems.
One was credited to the Citizen Lab research group, and includes an iOS zero-click exploit for iMessage that was used to target activists in Bahrain. Together with another similar exploit, these were given the name FORCEDENTRY by Citizen Lab.
The company provided no detail about the issues, merely saying about the iOS flaws:
“Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
“Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. “Description: An integer overflow was addressed with improved input validation.
“CVE-2021-30860: The Citizen Lab; “WebKit
“Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) “Impact: Processing maliciously crafted Web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
“Description: A use after free issue was addressed with improved memory management. “CVE-2021-30858: an anonymous researcher.”
While the advisory did not say so, both flaws are also found in the macOS Big Sur 11.6 and macOS Catalina versions of the operating system. Contacted for comment, Satnam Narang, a staff research engineer at security firm Tenable, said attackers could exploit CVE-2021-30860, an integer overflow vulnerability in CoreGraphics, by sending a specially crafted PDF file to a target via iMessage.
The News Highlights
- This year, Apple has patched the 15th zero-day vulnerability, which affects both iOS and macOS
- Check the latest update on Security news
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week