iDevice users this week were greeted with a new software update containing enhancements and bug fixes – including patches for three apparently nasty security bugs. Readers are advised to update their iGear quickly. Here’s why: The latest iOS and iPadOS updates contain fixes for three previously unknown vulnerabilities.
CVE-2021-1782 is described as a flaw that could let a malicious application elevate privileges, while CVE-2021-1871 and CVE-2021-1870 can open the door to remote attackers and enable them to cause arbitrary code execution.
Affected devices include iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation).
For all three vulnerabilities, the Cupertino-based tech giant said on January 26 it was “aware of a report that this issue may have been actively exploited.”
That was Tuesday, so we can safely assume that any unpatched iPhone, iPad or iPod touch that supports the new software is a potential target for motivated threat actors.
And since the cat’s out of the bag regarding these security flaws, any motivated threat actor who previously had no knowledge of the flaws may well be actively exploiting them right now. Which, needless to say, makes updating imperative.
No additional details about the flaws are available as of yet, likely as a precaution not to give threat actors too much leeway before most users get a chance to patch up their Apple gear.
Readers who own one or more of the affected units are urged to visit Settings -> General -> Software Update and tap Download and Install.