4:45pm, 28 January 2021
TLP Rating:
Vulnerability in Apple iOS reportedly being actively exploited
Apple has released iOS, iPadOS and tvOS version 14.4 containing fixes for three vulnerabilities affecting Webkit and the operating system’s kernel. There have been reports that these vulnerabilities are being actively exploited. CERT NZ is urging all users of these operating systems to immediately update their devices.
What's happening
Systems affected
Apple have stated the vulnerabilities affect three of their operating systems:
- iOS
- iPadOS
- tvOS
For a complete list of products that are able to be updated see the full list on Apples website External Link
.
What this means
There are three specific vulnerabilities that Apple have announced and patched, as follows:
- CVE-2021-1782
- CVE-2021-1871
- CVE-2021-1870
These vulnerabilities allow attackers to cause arbitrary code execution and escalate privileges.
What to do
Mitigation
Immediately update your Apple iOS, iPadOS and tvOS devices to version 14.4 where the update is available. For most users, a pop-up should alert you that an update is available – select ‘Update Now’.
If you do not receive a pop up message, follow these steps:
Settings > System > Software Update. In there, select “Update Software”.
For further information on affected devices and the update, see Apple's security notification. External Link
For further information about updating devices, see CERT NZ's guide to updating your devices.
CERT NZ recommend that users of devices that are not able to receive updates look to replace their devices. For further information, see our guide on end-of-life devices.
More information
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141.