Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Three Major Vulnerabilities in Apple Operating Systems

 

Systems Affected


iOS, tvOS, and iPadOS prior to version 14.4

Threat Level


High


Overview


Multiple vulnerabilities have been identified in the Apple iOS, tvOS, and iPadOS (CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871) which could allow an attacker to elevate privilege and achieve remote code execution.


Description


Privilege escalation exists due to a bug in the kernel and the remote code execution exists due to a logic issue in the WebKit browser engine, permitting an attacker to execute remote codes inside the Safari web browser.
A successful attack could allow an attacker to escalate privileges and run arbitrary commands to take control of the device.


Impact


  ✻  Exposing sensitive information to unauthorized parties
  ✻  Unauthorized access
  ✻  Losing control of the device
  ✻  Malware infections


Solution/ Workarounds


  ✻  Apply the appropriate security patch mentioned below,
   https://support.apple.com/en-us/HT201222


References


  ✻  https://support.apple.com/en-us/HT201222
  ✻  https://www.cert.govt.nz
  ✻  https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html
  ✻  https://www.apple.com


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.