Apple closes three zerodays in iOS

Apple has released an update to iOS that will close three zerodays. According to the company, the holes in the kernel and in WebKit were actively exploited. The company doesn’t give details about that specific attack

It’s about holes in iOS iOS 14.3 and iPadOS 14.3 that have been updated to version 14.4. The operating system contained three bugs, Apple writes in the patch notes. The bugs were suggested by anonymous security researchers. One of the leaks is in the iOS kernel. CVE-2021-1782 is a privileged escalation bug created by a race condition and which could be loaded by a compromised application

A.m. two other leaks were also discovered in WebKit. The Safari browser uses this, among other things. CVE-2021-1870 and CVE-2021-1871 are logic issues which were exploited by visiting a website. This allowed code to run on the device. Apple does not provide further details about the vulnerabilities or attacks in which they would be used. Given the nature of the leaks, it’s possible that they’re being carried out in conjunction with each other

Youri