Experts On IOS 0-Days Vulnerabilities Discovered

By   ISBuzz Team
Writer , Information Security Buzz | May 06, 2021 02:40 am PST

This week Apple reported that there are currently two iOS 0-days that allow hackers to compromise fully patched devices. This comes a week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Boris Larin
Boris Larin , Security Researcher
May 6, 2021 10:44 am

<p>CVE-2021-30663 and CVE-2021-30665 are vulnerabilities in Webkit. It\’s a browser engine, which is used in Apple’s Safari and other browsers. Apple released updates that fix these vulnerabilities on iOS and macOS devices. It was reported that at the moment the vulnerabilities were discovered, they had been actively used by cybercriminals. However, right now we do not have information about who the attackers are and what their targets were. Usually, browser exploits are delivered to victims via targeted phishing (messages with a link to exploit) or via watering hole attacks, in which a website contains a malicious web script, and all website visitors with a suitable web browser become victims of the exploit.</p> <p> </p> <p>After successful execution of the web browser exploit, the attackers can execute code in the browser’s process. Usually, web browser exploits are used with other exploits to elevate privileges and escape the sandbox. After escaping the sandbox, the actors gain full control over the victims’ device. At the moment, it is not clear which OS – macOS or iOS was targeted in discovered attacks.</p>

Last edited 2 years ago by Boris Larin

Recent Posts

Would love your thoughts, please comment.x