Three Major Vulnerabilities in Apple Operating Systems

  • CERT Admin
  • Fri Jan 29 2021
  • Alerts

Systems Affected 

iOS, tvOS, and iPadOS prior to version 14.4 

Threat Level 

High 

Overview 

Multiple vulnerabilities have been identified in Apple iOS, tvOS, and iPadOS (CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871) which could allow an attacker to elevate privileges and achieve remote code execution.

Description 

The privilege escalation is due to a bug in the kernel, and the remote code execution is due to a logic issue in the WebKit browser engine that permits an attacker to execute code remotely inside the Safari web browser.
A successful attack could allow an attacker to escalate privileges and run arbitrary commands to take control of the device.  

Impact 

  ✻  Exposing sensitive information to unauthorized parties
  ✻  Unauthorized access
  ✻  Losing control of the device
  ✻  Malware infections  

Solution/Workarounds

 ✻  Apply the appropriate security patch listed at the link below:
   https://support.apple.com/en-us/HT201222  

References 

  ✻  https://support.apple.com/en-us/HT201222
  ✻  https://www.cert.govt.nz
  ✻  https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html
  ✻  https://www.apple.com  

Disclaimer 

The information provided herein is on an "as is" basis, without warranty of any kind.

Last updated: Fri Jan 29 2021