Apple has addressed three iOS zero-day vulnerabilities actively exploited in attacks the wild and affecting iPhone, iPad, and iPod devices.
The zero-day vulnerabilities have been fixed by the IT giant with the release of iOS 14.2, iOS users are advised to install it immediately.
“Apple is aware of reports that an exploit for this issue exists in the wild,” reads the security advisory.
Apple also fixed the flaws with the release of iPadOS 14.2 and watchOS 5.3.8, 6.2.9, and 7.1. The issues have also been addressed with the release of iOS 12.4.9 for older generation iPhone devices.
“Targeted exploitation in the wild similar to the other recently reported 0days,” said Shane Huntley, Director and Google’s Threat Analysis Group. “Not related to any election targeting.”
The vulnerabilities are related to three recently disclosed vulnerabilities in Chrome (CVE-2020-17087, CVE-2020-16009, CVE-2020-16010) and in the Windows OS (CVE-2020-17087).
According to Google Project Zero team lead Ben Hawkes, the three iOS zero-days are:
Experts pointed out that the three flaws have been chained to fully compromise iPhone devices remotely.
Google has not published technical details about the threat actors that exploited the above issues in their attacks and their targets.
It is not clear if the threat actors have exploited the vulnerabilities in targeted attacks or in large-scale campaigns.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Chrome zero-day)
[adrotate banner=”5″]
[adrotate banner=”13″]
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
This website uses cookies.