Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack

The Hacker News

Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has released yet another security update for iPhone, iPad, Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild.

Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries to process maliciously crafted web content that may result in universal cross-site scripting attacks.

“This issue was addressed by improved management of object lifetimes,” the iPhone maker noted.

Apple has credited Clement Lecigne and Billy Leonard of Google’s Threat Analysis Group for discovering and reporting the issue. While details of the flaw have not been disclosed, the company said it’s aware of reports that CVE-2021-1879 may have been actively exploited.

Full article