Experts On IOS 0-Days Vulnerabilities Discovered

This week Apple reported that there are currently two iOS 0-days that allow hackers to compromise fully patched devices. This comes a week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0.

Experts Comments

May 06, 2021
Boris Larin
Security Researcher
Kaspersky

CVE-2021-30663 and CVE-2021-30665 are vulnerabilities in Webkit. It's a browser engine, which is used in Apple’s Safari and other browsers. Apple released updates that fix these vulnerabilities on iOS and macOS devices. It was reported that at the moment the vulnerabilities were discovered, they had been actively used by cybercriminals. However, right now we do not have information about who the attackers are and what their targets were. Usually, browser exploits are delivered to victims via

.....Read More

CVE-2021-30663 and CVE-2021-30665 are vulnerabilities in Webkit. It's a browser engine, which is used in Apple’s Safari and other browsers. Apple released updates that fix these vulnerabilities on iOS and macOS devices. It was reported that at the moment the vulnerabilities were discovered, they had been actively used by cybercriminals. However, right now we do not have information about who the attackers are and what their targets were. Usually, browser exploits are delivered to victims via targeted phishing (messages with a link to exploit) or via watering hole attacks, in which a website contains a malicious web script, and all website visitors with a suitable web browser become victims of the exploit.

 

After successful execution of the web browser exploit, the attackers can execute code in the browser’s process. Usually, web browser exploits are used with other exploits to elevate privileges and escape the sandbox. After escaping the sandbox, the actors gain full control over the victims’ device. At the moment, it is not clear which OS - macOS or iOS was targeted in discovered attacks.

  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.