Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.
The vulnerability, CVE-2021-1879, is tracked by Google's Threat Analysis Group. The zero-day was discovered in the WebKit browser engine and allows attackers to launch universal cross-site scripting attacks after tricking targets into opening maliciously crafted web content on their devices.
The list of affected devices includes iPhone, iPad, Apple Watch, and iPod devices. Apple addressed the zero-day earlier today by improving the management of object lifetimes in iOS 14.4.2, iOS 12.5.2, and watchOS 7.3.3.
Apple patched two other sets of iOS zero-days exploited in the wild in January 2021 and November 2020, reported by an anonymous researcher and Project Zero, Google’s 0day bug-hunting team.
In January, the company fixed a race condition bug in the iOS kernel (tracked as CVE-2021-1782) and two WebKit flaws (tracked as CVE-2021-1870 and CVE-2021-1871).
In November of last year, Apple patched three other iOS zero-days affecting iPhone, iPad, and iPod devices: a remote code execution bug (CVE-2020-27930), a kernel memory leak (CVE-2020-27950), and a kernel privilege escalation flaw (CVE-2020-27932).