Experts On iOS 0-Day Vulnerabilities Discovered

This week Apple reported that there are currently two iOS 0-days that allow hackers to compromise fully patched devices. This comes a week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0.

Boris Larin, Security Researcher
InfoSec Expert
May 6, 2021 10:44 am

CVE-2021-30663 and CVE-2021-30665 are vulnerabilities in WebKit. It’s a browser engine, which is used in Apple’s Safari and other browsers. Apple released updates that fix these vulnerabilities on iOS and macOS devices. It was reported that at the moment the vulnerabilities were discovered, they had been actively used by cybercriminals. However, right now we do not have information about who the attackers are and what their targets were. Usually, browser exploits are delivered to victims via targeted phishing (messages with a link to exploit) or via watering hole attacks, in which a website contains a malicious web script, and all website visitors with a suitable web browser become victims of the exploit.

After successful execution of the web browser exploit, the attackers can execute code in the browser’s process. Usually, web browser exploits are used with other exploits to elevate privileges and escape the sandbox. After escaping the sandbox, the actors gain full control over the victims’ device. At the moment, it is not clear which OS (macOS or iOS) was targeted in discovered attacks.
