In a new update from Apple for iOS, the operating system used for iPhone and iPad, the company addresses three zero-day flaws that have been exploited by attackers. The first zero-day is tracked as CVE-2021-1782, which would allow a remote attacker to escalate privileges on the system by exploiting a race condition in the Kernel component. The other two zero-days, tracked as CVE-2021-1870 and CVE-2021-1871, are described as a logic-issue that could allow remote attackers to execute their malicious code inside the device’s Safari Browser. Researchers believe the three zero-days are part of an exploit chain where users are lured to malicious sites that take advantage of the WebKit bug to run code that later escalates its privileges to run system-level code and compromise the device. The security update is available for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in