TRENDING:

Endpoint Security , Governance & Risk Management , Open XDR

Apple Patches 3 Flaws Affecting Certain Devices

Two Zero-Days Were Being Exploited Akshaya Asokan (asokan_akshaya) • June 16, 2021    
Apple Patches 3 Flaws Affecting Certain Devices

Apple has released patches for two zero-day vulnerabilities and a fix for another security issue, all of which affected devices running iOS version 12.5.3. It says the zero-day flaws are being exploited in the wild by developing malicious certificates for arbitrary code execution.

See Also: A proactive approach to your agency's security

The security flaws in Apple's web browser engine WebKit affect iPhone 5, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2 and 3, and iPod Touch (sixth generation).

The three vulnerabilities are:

  • CVE-2021-30737: This is a memory corruption issue in the ASN.1 language, used for data defining. Apple addressed the issue by removing the vulnerable code.
  • CVE-2021-30761: This zero-day flaw, disclosed by an unidentified researcher, is a memory corruption vulnerability that was patched. Exploiting the flaw could lead to remote code execution.
  • CVE-2021-30762: This zero-day flaw is a "use after free" issue vulnerability. If a program does not clear the memory pointer after a memory location has been freed, the error can be used by an attacker to hack the program. Apple issued a patch.

Meanwhile, Microsoft has released an endpoint detection tool to help iOS users detect jailbreaking and phishing and block malicious traffic.

Other Apple Issues

In April, ransomware gang REvil threatened to release Apple device blueprints unless it received a massive payoff hours before the company was scheduled to make a series of major new product announcements. REvil published several alleged blueprints for Apple devices, which it claimed to have stolen from Taiwanese manufacturer Quanta Computer (see: REvil Ransomware Gang Threatens Stolen Apple Blueprint Leak).

In January, security researchers at Sentinel Labs identified an updated version of the cryptominer OSAMiner, which targeted the macOS to mine for monero (see: Updated macOS Cryptominer Uses Fresh Evasion Techniques).

And in December 2020, researchers at Trend Micro uncovered a macOS backdoor variant linked to an advanced persistent threat group operating from Vietnam. The malware used an updated backdoor and multistage payloads, as well as anti-detection techniques to help bypass security tools (see: Fresh macOS Backdoor Variant Linked to Vietnamese Hackers).

Previous
Behind the Scenes of a Business Email Compromise Attack
Next
Biden Promises Retaliation Unless Putin Stops Cyberattacks

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



Around the Network

Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.in, you agree to our use of cookies.