Apple fixes actively exploited vulnerabilities affecting older iDevices - Help Net Security

Apple fixes actively exploited vulnerabilities affecting older iDevices - Help Net Security

Apple has released a security update for older iDevices (iPhones, iPads and iPods) to fix three vulnerabilities, two of which are zero-days that are apparently actively exploited in attacks in the wild.



About the fixed flaws


The security update is iOS 12.5.4, which can still be run on older iDevices: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).


The two vulnerabilities Apple says “may have been actively exploited” are:


CVE-2021-30761, a memory corruption issue, and
CVE-2021-30762, a use after free bug

Both affect the WebKit browser engine (used by Safari and other iOS web browsers), both may be triggered by maliciously crafted web content and may result in remote code execution, and both have been reported by an anonymous researcher (though Appl ..

Support the originator by clicking the read the rest link below.