Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices

Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari browsers to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.

The vulnerability was discovered and reported to the company by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability. It is to be noted that Huffman was also behind the discovery of an actively exploited zero-day bug in the Chrome browser that was addressed by Google recently.

CVE-ID: CVE-2021-1844

In accordance to the updated notes posted by Apple, the flaw stems from a memory corruption issue that could guide to arbitrary code execution when processing specifically crafted web articles.

The latest development comes on the heels of a patch for three zero-day vulnerabilities (CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871) that was released in January. The weaknesses, which allow an attacker to elevate privileges and achieve remote code execution, were later exploited by the team behind the "unc0ver" jailbreak tool to unlock almost every single iPhone model running 14.3.

Recommendations:

  1. The update is accessible for units operating iOS 14.4, iPadOS 14.4, macOS Significant Sur, and watchOS 7.3.1 (Apple Check out Collection 3 and afterwards), and as an update to Safari for MacBooks functioning macOS Catalina and macOS Mojave.
  2. Users of Apple products or individuals functioning a susceptible edition of Chrome are suggested to set up the updates as before long as feasible to mitigate the risk linked with the flaws.