Cybersecurity Threat Advisory 0007-21: Apple iOS Zero-Day Vulnerabilities Exploited in Wild

Threat Update

Apple has announced that it has learned of three zero-day vulnerabilities affecting its iOS operating system. One of the vulnerabilities (CVE-2021-1782) affects the system kernel and allows for privilege escalation, while the other two (CVE-2021-1870, CVE-2021-1871) are present within the system’s WebKit Safari browser and allow for remote code execution (RCE). According to Apple, all vulnerabilities have been patched in iOS 14.4.

Technical Detail & Additional Information

WHAT IS THE THREAT?

Apple iOS devices running iOS 14.3 and earlier are susceptible to three zero-day vulnerabilities that have been patched in iOS 14.4. The vulnerabilities are believed to be part of the same exploit chain, which is initiated when a user navigates to a malicious site that exploits the two WebKit RCE vulnerabilities. After the initial WebKit exploit, attackers could exploit a kernel vulnerability to escalate privileges, execute system-level code, and compromise the device’s operating system. It is also important to note that Apple believes these vulnerabilities have been exploited in the wild by threat actors.

WHY IS IT NOTEWORTHY?

These three vulnerabilities are significant because they are present across iOS devices running iOS 14.3 and below and are believed to have been exploited in the wild. A successful exploit could result in a complete system kernel compromise, which also makes these vulnerabilities important to address. They come after Apple’s November 2020 release of the iOS 14 update, an update specializing in security, and after Apple patched three additional zero-days in December of 2020 that were originally discovered by one of Google’s security teams.

WHAT IS THE EXPOSURE OR RISK?

Since these zero-day vulnerabilities have only been patched in Apple’s iOS 14.4, any device running iOS 14.3 and earlier is susceptible to being exploited. When exploited, a malicious actor could potentially compromise the iOS operating system at the kernel level, elevate user privileges, and execute system-level code remotely from the device.

WHAT ARE THE RECOMMENDATIONS?

The current recommendation to address these vulnerabilities is to update any affected Apple iOS devices to iOS version 14.4.
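
One way to find devices that still need the update, shown as an added example that is not part of the original advisory: the script reads web proxy or server access logs and lists client addresses whose most recent User-Agent reports an iOS version below 14.4. The log layout, sample lines, and function names are assumptions constructed for illustration.

```python
import re

PATCHED = (14, 4)  # first fixed release named in the advisory

# iOS browsers report the OS as "CPU iPhone OS 14_3 like Mac OS X" ("CPU OS 14_3" on iPad).
IOS_UA = re.compile(r"CPU (?:iPhone )?OS (\d+(?:_\d+)*) like Mac OS X")
# Assumed combined-log-style line: client address first, User-Agent as the last quoted field.
LOG_LINE = re.compile(r'^(\S+) .* "([^"]*)"$')


def ios_version(user_agent):
    """Return the iOS version as a tuple of ints, or None if the UA carries no iOS token."""
    m = IOS_UA.search(user_agent)
    return tuple(int(p) for p in m.group(1).split("_")) if m else None


def is_unpatched(version):
    # Tuple comparison is numeric per component, so 14.10 sorts above 14.4.
    return version < PATCHED


def unpatched_clients(lines):
    """Map client address -> most recently seen iOS version, keeping only those below 14.4."""
    latest = {}
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line
        version = ios_version(m.group(2))
        if version is not None:
            latest[m.group(1)] = version  # later lines win: a device may update mid-log
    return {ip: ".".join(map(str, v)) for ip, v in latest.items() if is_unpatched(v)}


# Constructed sample log lines (not from the advisory).
_REQ = '- - [27/Jan/2021:09:00:00 +0000] "GET / HTTP/1.1" 200 512 "-"'
_TAIL = "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Mobile/15E148 Safari/604.1"
SAMPLE_LOG = [
    f'10.0.0.5 {_REQ} "Mozilla/5.0 (iPhone; CPU iPhone OS 14_3 like Mac OS X) {_TAIL}"',
    f'10.0.0.6 {_REQ} "Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) {_TAIL}"',
    f'10.0.0.7 {_REQ} "Mozilla/5.0 (iPad; CPU OS 13_7 like Mac OS X) {_TAIL}"',
    # Desktop-class UA carries no iOS version, so it is skipped, not cleared.
    f'10.0.0.8 {_REQ} "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) Safari/605.1.15"',
    f'10.0.0.9 {_REQ} "Mozilla/5.0 (iPhone; CPU iPhone OS 14_2 like Mac OS X) {_TAIL}"',
    f'10.0.0.9 {_REQ} "Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) {_TAIL}"',
]

if __name__ == "__main__":
    for ip, version in sorted(unpatched_clients(SAMPLE_LOG).items()):
        print(f"{ip} last seen on iOS {version}: update to 14.4")
```

User-Agent strings are self-reported and addresses can be shared or reassigned, so treat the output as a lead to confirm against device management records.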

If you have any questions, please contact our Security Operations Center.