Apple Patches 3 Flaws Affecting Certain Devices
Two Zero-Days Were Being Exploited
Apple has released patches for two zero-day vulnerabilities and a fix for a third security issue, all of which affect older devices running iOS 12.5.3 and earlier; the update is iOS 12.5.4. Apple says it is aware of a report that the two zero-day flaws may have been actively exploited in the wild. Both are triggered by maliciously crafted web content and can lead to arbitrary code execution; the third flaw is triggered by a maliciously crafted certificate.
The two zero-days are in WebKit, Apple's web browser engine; the third flaw is in the ASN.1 decoder of the Security framework. The update covers iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch (sixth generation), devices that cannot run iOS 13 or later.
The three vulnerabilities are:
- CVE-2021-30737: A memory corruption issue in the ASN.1 decoder (ASN.1 is the notation used to define the structure of encoded data such as X.509 certificates). Processing a maliciously crafted certificate could lead to arbitrary code execution. Apple addressed the issue by removing the vulnerable code.
- CVE-2021-30761: A zero-day memory corruption flaw in WebKit, reported by an anonymous researcher. Processing maliciously crafted web content could lead to arbitrary code execution. Apple patched it with improved state management.
- CVE-2021-30762: A zero-day use-after-free flaw in WebKit. In a use after free, a program keeps a pointer to a block of memory after that block has been freed and later dereferences it. Because the allocator may hand the same block to a subsequent allocation, an attacker who controls the contents of that allocation can influence what the stale pointer reads or calls, which is how such bugs in browser engines are turned into code execution. Apple patched it with improved memory management.
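To make the use-after-free mechanism described above concrete, here is an added example (not code from the original article and not WebKit's code) that shows the bug pattern and its exploitation primitive on a tiny allocator written for this demonstration. The allocator, the `node` object, the attacker "spray" payload and the handler functions are all constructed for illustration; the toy allocator exists only so that slot reuse is deterministic, since touching memory freed by the real `malloc()` is undefined behaviour. The hardened path clears the pointer on free, the remedy the text mentions; note that this only helps when that pointer is the object's sole alias, which is why engines such as WebKit rely on ownership and reference-counting discipline rather than nulling individual pointers.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy slab allocator, constructed for this example: a freed slot is handed
 * straight back to the next same-sized request and its old bytes are not
 * cleared, which makes heap reuse deterministic here. Every slot is a
 * static array that never goes away, so the program stays well-defined. */
#define SLOT_SIZE 32
#define NSLOTS 4
static unsigned char g_heap[NSLOTS][SLOT_SIZE];
static int g_in_use[NSLOTS];

static void toy_reset(void) {
    memset(g_heap, 0, sizeof g_heap);
    memset(g_in_use, 0, sizeof g_in_use);
}

static void *toy_alloc(size_t n) {
    if (n > SLOT_SIZE) return NULL;
    for (int i = 0; i < NSLOTS; i++)
        if (!g_in_use[i]) { g_in_use[i] = 1; return g_heap[i]; }
    return NULL;
}

static void toy_free(void *p) {
    for (int i = 0; i < NSLOTS; i++)
        if (p == g_heap[i]) { g_in_use[i] = 0; return; }  /* bytes left in place */
}

/* An object carrying a function pointer, the shape of a C++ object with a
 * vtable: the typical use-after-free target in a browser engine. */
typedef void (*handler_t)(void);
struct node {
    handler_t on_event;
    char name[SLOT_SIZE - sizeof(handler_t)];
};

static int g_last_handler;
static void legit_handler(void)    { g_last_handler = 1;    }
static void attacker_handler(void) { g_last_handler = 0x41; } /* stands in for attacker code */

/* Vulnerable pattern: the node is freed, but the caller keeps using it. */
int vulnerable_flow(void) {
    toy_reset();
    struct node *n = toy_alloc(sizeof *n);
    n->on_event = legit_handler;
    strcpy(n->name, "session");
    toy_free(n);                                   /* lifetime ends here... */

    /* ...but the allocator reuses the slot for attacker-shaped data
     * (constructed payload: its first bytes overwrite the function pointer). */
    unsigned char *spray = toy_alloc(sizeof *n);
    handler_t evil = attacker_handler;
    memcpy(spray, &evil, sizeof evil);

    n->on_event();                                 /* dangling pointer: runs attacker_handler */
    return g_last_handler;
}

/* Hardened pattern: the pointer is cleared when the object is released and
 * checked before use, so the stale call is refused. */
int hardened_flow(void) {
    toy_reset();
    struct node *n = toy_alloc(sizeof *n);
    n->on_event = legit_handler;
    strcpy(n->name, "session");
    toy_free(n);
    n = NULL;                                      /* no dangling pointer survives the free */

    unsigned char *spray = toy_alloc(sizeof(struct node));
    handler_t evil = attacker_handler;
    memcpy(spray, &evil, sizeof evil);             /* same spray, now harmless */

    if (n == NULL) return -1;                      /* stale use refused */
    n->on_event();
    return g_last_handler;
}

int main(void) {
    printf("vulnerable: handler that ran = 0x%x (0x41 means attacker code)\n", vulnerable_flow());
    printf("hardened:   result = %d (-1 means stale use refused)\n", hardened_flow());
    return 0;
}
```

Compile with `cc -Wall uaf_demo.c && ./a.out`. The vulnerable flow returns 0x41 because the freed slot was refilled with the attacker's function pointer before the dangling `n->on_event()` call; in a real engine the spray would be a JavaScript-controlled allocation of the same size class, and the overwritten pointer would redirect execution into attacker-chosen code.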
Meanwhile, Microsoft has released an endpoint detection capability for iOS that flags jailbroken devices, detects phishing and blocks malicious traffic.
Other Apple Issues
In April, ransomware gang REvil threatened to release Apple device blueprints unless it received a massive payoff hours before the company was scheduled to make a series of major new product announcements. REvil published several alleged blueprints for Apple devices, which it claimed to have stolen from Taiwanese manufacturer Quanta Computer (see: REvil Ransomware Gang Threatens Stolen Apple Blueprint Leak).
In January, security researchers at SentinelLabs identified an updated version of the cryptominer OSAMiner, which targeted macOS to mine monero (see: Updated macOS Cryptominer Uses Fresh Evasion Techniques).
And in December 2020, researchers at Trend Micro uncovered a macOS backdoor variant linked to an advanced persistent threat group operating from Vietnam. The malware used an updated backdoor and multistage payloads, as well as anti-detection techniques to help bypass security tools (see: Fresh macOS Backdoor Variant Linked to Vietnamese Hackers).