No Comments

Apple fixes zero day vulnerabilities that allowed remote code execution

 

Three security vulnerabilities zero day were fixed in Apple smartphones, tablets and smart TVs, in an emergency update (14.4), launched this Tuesday (26). The vulnerabilities were identified by an anonymous Google Project Zero researcher and according to Apple, may have been actively explored.

According to the company, one of the vulnerabilities, identified as CVE-2021-1782, was found in the operating system software. “A malicious application may be able to elevate privileges.” Apple is aware of a report that this problem may have been actively explored”, Informs the company about the failure.

Apple statement on vulnerabilities fixed in version 14.4.
Apple statement on vulnerabilities fixed in version 14.4.

The other two (CVE-2021-1870 and CVE-2021-1871) were discovered in the rendering engine (also called a layout engine or navigation engine), which is one of the main software components of the Safari browser.

According to Apple, the flaws affect iPhone 6s and later devices; iPad Air 2 and later; iPad mini 4 and later; iPod touch (7th generation); Apple TV 4K and Apple TV HD. This latest update (14.4), was released after update 14.2, of November 2020, which fixed a total of 24 security holes.


Source: Apple (1), (two); The Hacker News.

See the original post at: https://thehack.com.br/apple-corrige-vulnerabilidades-zero-day-que-permitiam-execucao-de-codigo-remoto/?rand=48873

You might also like

More Similar Posts

Leave a Reply

Your email address will not be published.

Fill out this field
Fill out this field
Please enter a valid email address.