By 
On January 26, Apple released a security update to close three zero-day vulnerabilities: CVE-2021-1780, CVE-2021-1781, and CVE-2021-1782.
Because Apple believes unnamed cybercriminals are already exploiting these vulnerabilities, the company advises all iOS and iPadOS users to update their operating systems.
According to the information available, unknown actors may already be using the three vulnerabilities as an exploit chain, but with investigations ongoing, and for users’ protection, Apple plans to delay the release of more details.
In order to stay safe, Kaspersky experts recommend carrying out the update as soon as possible. According to Apple’s website, the update is available for iPhone 6 models and newer, iPad Air 2 and newer, iPad mini 4 and newer, and the seventh-generation iPod touch.
“It is a well-known fact that infecting an iPhone or iPad and rooting the device to intercept data from it is a very difficult task. However, there is one effective method of infection – the so-called Drive-By-Download attack. A target only needs to visit a specially designed web page containing an exploit that uses the vulnerability in the browser to execute the attackers’ code. This is dangerous because attackers can subsequently access valuable data in the browser.
However, this scenario develops further whereby a payload – another exploit – can be delivered to manipulate a vulnerability in the OS kernel. This could allow attackers to get deeper into the system and gain access to all data, including chats in messenger apps and social networks, geolocation, call history and corporate mail.
The scenario is extremely dangerous and the security update for operating system 14.4 is aimed at countering it. Why is it so important to update as quickly as possible? The possibility of falling into the above traps and scenarios is very high, as attackers tend to infect popular web platforms with a large audience for this kind of attack. And the larger it is, the higher the chance that you or people close to you will be affected,” comments Victor Chebyshev, security analyst at Kaspersky.
For more details, visit our blog.
