Three security vulnerabilities zero day were fixed in Apple smartphones, tablets and smart TVs, in an emergency update (14.4), launched this Tuesday (26). The vulnerabilities were identified by an anonymous Google Project Zero researcher and according to Apple, may have been actively explored.
According to the company, one of the vulnerabilities, identified as CVE-2021-1782, was found in the operating system software. “A malicious application may be able to elevate privileges.” Apple is aware of a report that this problem may have been actively explored”, Informs the company about the failure.
The other two (CVE-2021-1870 and CVE-2021-1871) were discovered in the rendering engine (also called a layout engine or navigation engine), which is one of the main software components of the Safari browser.
According to Apple, the flaws affect iPhone 6s and later devices; iPad Air 2 and later; iPad mini 4 and later; iPod touch (7th generation); Apple TV 4K and Apple TV HD. This latest update (14.4), was released after update 14.2, of November 2020, which fixed a total of 24 security holes.
Source: Apple (1), (two); The Hacker News.
See the original post at: https://thehack.com.br/apple-corrige-vulnerabilidades-zero-day-que-permitiam-execucao-de-codigo-remoto/?rand=48873
