MCP Insights

Cybersecurity Threat Advisory: Apple iOS Zero-Day Vulnerabilities Exploited in Wild

Posted on February 12, 2021 by Mike Beagles

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory Overview

Apple announced that it has learned of three zero-day vulnerabilities affecting its iOS (formerly iPhone operating system). One of the vulnerabilities (CVE-2021-1782) affects the system kernel, allowing for privilege escalation; the other two (CVE-2021-1870, CVE-2021-1871) are present in the WebKit engine used by the system’s Safari browser, allowing for remote code execution (RCE). According to Apple, all three vulnerabilities have been patched in iOS 14.4.

What is the Threat?

Apple iOS devices running iOS 14.3 and earlier are susceptible to three zero-day vulnerabilities, which have been patched in iOS 14.4. The vulnerabilities are believed to be part of the same exploit chain. The chain is initiated when a user navigates to a malicious site, which then exploits the two WebKit RCE vulnerabilities. After the initial WebKit exploit, cyberattackers could exploit the kernel vulnerability to escalate privileges, execute system-level code, and compromise the device’s operating system. It also is important to note that Apple believes these vulnerabilities have been exploited in the wild by cyberattackers.

Why is this Noteworthy?

These three vulnerabilities are significant because they are present across iOS devices running iOS 14.3 and below, and are believed to have been exploited in the wild. They also are important to address because a successful exploit could result in a complete compromise of the system kernel. These vulnerabilities come after Apple’s November 2020 release of the iOS 14 update (an update specializing in security) and after three additional patches in December 2020 to address zero-day vulnerabilities, which originally were discovered by one of Google’s security teams.

What is the Exposure?

Because these zero-day vulnerabilities have been patched only in Apple’s iOS 14.4, any device running iOS 14.3 and earlier is susceptible to being exploited. When they are exploited, a cyberattacker could compromise iOS at the kernel level, elevate user privileges, and execute system-level code remotely from the device.

What are the Recommendations?

The current recommendation to address these vulnerabilities is to update any affected Apple devices to iOS version 14.4.
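
To act on this recommendation across a fleet, the following added example (not part of the original advisory) triages a device inventory export against the iOS 14.4 fix level. The CSV layout, column names, and device IDs are constructed assumptions, not a real MDM schema; rows with a missing or non-numeric version are set aside for manual review rather than assumed patched.

```python
import csv
import io

PATCHED = (14, 4)  # first fixed release per the advisory: iOS 14.4

# Constructed sample export; column names are assumptions, not a real MDM schema.
SAMPLE_CSV = """device_id,platform,os_version
phone-001,iOS,14.3
phone-002,iOS,14.4
phone-003,iOS,13.7
phone-004,iOS,14.10
phone-005,iOS,
phone-006,iOS,14.4 beta
laptop-007,macOS,11.1
phone-008,ios,14.0.1
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not purely numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(csv_text):
    """Sort iOS devices into vulnerable / patched / unknown lists of device ids."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["platform"].strip().lower() != "ios":
            continue  # the advisory covers iOS only
        version = parse_version(row["os_version"] or "")
        if version is None:
            bucket = "unknown"      # cannot prove it is patched: review by hand
        elif version < PATCHED:     # tuple compare, so 14.10 sorts above 14.4
            bucket = "vulnerable"
        else:
            bucket = "patched"
        result[bucket].append(row["device_id"])
    return result

if __name__ == "__main__":
    for bucket, ids in triage(SAMPLE_CSV).items():
        print(f"{bucket}: {', '.join(ids) or '-'}")
```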

Author Bio
Mike Beagles has specialized experience with supporting mission critical communications agencies by providing technical expertise, strategic IT planning, and architecting both on-prem and shared systems for new and innovative technologies as well as legacy solutions. He currently manages the platform and suite of tools used to deliver MCP network and cybersecurity monitoring to our clientele.
