Apple fixes zero-day vulnerabilities in older generation iOS devices

Apple announced the release of a set of security updates to address two zero-day flaws in previous generation iPhone and iPad devices. The flaws were tracked as CVE-2021-30761 and CVE-2021-30762 and reside in WebKit, the navigation engine employed by Safari and used as a component for loading web content into iOS apps.

The company received reports from various researchers reporting the detection of multiple attempts to exploit this flaw in real-world scenarios in order to execute malicious code during the process of loading web content into WebKit. Apple has already begun releasing the necessary updates to mitigate this risk; users are encouraged to upgrade to iOS v12.5.4 to protect their devices.

This version of the operating system is intended for old generation devices such as the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod Touch. These reports represent the eighth and ninth zero-day exploit vulnerabilities addressed by the company this year. Previous reports include:

  • CVE-2021-1879: WebKit flaw affecting both older and new generation iOS, iPadOS, and watchOS
  • CVE-2021-30657: MacOS Gatekeeper Evasion Exploited by Shlayer Hacker
  • CVE-2021-30661: WebKit flaw impacting old and next-generation iOS, iPadOS, watchOS, and tvOS
  • CVE-2021-30663: WebKit fails zero-day affecting macOS, iOS, iPadOS, and watchOS
  • CVE-2021-30665: WebKit fails zero-day affecting macOS, iOS, iPadOS, and watchOS
  • CVE-2021-30666: Zero-day flaw in WebKit affecting macOS, iOS, iPadOS, and watchO
  • CVE-2021-30713: Evasion of macOS TCC abused by XCSSET malware
  • CVE-2021-30761: WebKit zero-day flaw affecting previous-generation iOS devices
  • CVE-2021-30762: WebKit zero-day flaw affecting previous-generation iOS devices

All these flaws were duly addressed at the time, although their active exploitation could not be avoided. However, Apple points out that since the detected flaws primarily impacted previous generation devices the risk of exploitation is greatly reduced.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.