Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day
On Tuesday, Apple released two emergency patches for the iOS and iPadOS platforms following indications that three security vulnerabilities were under attack by threat actors. The patches are being delivered through automatic update mechanisms, as it is critical that Apple users install the fixes. Apple did not provide details on the vulnerabilities or the attacks, but it did identify the flaws as residing in Kernel and WebKit, the open-source web browser engine used in Safari, Mail, App Store, and other macOS and iOS apps.
Apple stated that the first vulnerability, in Kernel, could be used by a hacker to elevate privileges. Apple indicated that it had received reports that the flaw was being actively exploited. The flaw affects iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch. The second, in WebKit, allows a hacker to execute arbitrary code. Apple stated that it was also aware that this flaw was being actively exploited. The WebKit vulnerability affects the same class and generation of Apple products as the one found in Kernel.