Apple has released security updates to fix vulnerabilities in iOS 14.4, watchOS 7.3, Xcode 12.4, iCloud for Windows 12.0 and tvOS 14.4. As part of the updates, the tech giant also addressed three zero-day iOS vulnerabilities exploited in the wild.
A hacker could exploit some of these vulnerabilities to take control of affected devices.
iOS and iPadOS 14.4
The latest iOS 14.4 and iPadOS 14.4 security update addressed 3 zero-day vulnerabilities on January 26, 2021.
“Apple is aware of a report that this issue may have been actively exploited,” Apple stated in the advisory.
The first ‘race condition’ vulnerability (CVE-2021-1782) could allow a malicious application to elevate privileges.
The two others (CVE-2021-1870 and CVE-2021-1871) could allow a remote attacker to cause arbitrary code execution.
The latest Apple Watch 7.3 security update addressed just one vulnerability that impact Apple Watch Series 3 and later models.
Similar to the iOS updates, Apple also patched the same zero-day CVE-2021-1782 exploited in the wild.
In addition, the Apple Xcode 12.4 update fixed one vulnerability CVE-2021-1800 and is available for macOS Catalina 10.15.4 and later versions.
“A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode,” Apple stated in the advisory.
iCloud for Windows 12.0
The Apple iCloud for Windows 12.0 security update addressed four ImageIO vulnerabilities. Two of those could lead to arbitrary code execution if left unpatched.
The update is available for Windows 10 and later via the Microsoft Store.
Finally, Apple released a security update for tvOS 14.4 with a fix for CVE-2021-1782, also with reports of exploits in the wild. The update is available for Apple TV 4K and Apple TV HD.
Readers can also check out the Apple Security Updates page for all the latest updates.
- Apple security updates for macOS Big Sur 11.2, Catalina and Mojave
- Apple December security updates for iOS 14.3, macOS Big Sur 11.1 and other products
- Apple releases iOS 14.0 with new privacy features and security updates for multiple products
- Microsoft January 2021 Security Updates (to include zero-day RCE patch)