Apple Zero-day Vulnerability

6 April 2021 | May 4th, 2021

A vulnerability was discovered in WebKit, Apple's browser engine, affecting Safari as well as other browsers, any web content on Apple devices and web applications installed from the iStore. This vulnerability is being actively exploited by malicious actors.

  • CVE-2021-1879 enables threat actors to gain access to sensitive personal information using universal cross-site scripting (UXSS). This is done, for example, by preventing WebKit from applying the Same Origin Policy (SOP).

Being targeted by this exploitation can lead to the compromise of your devices, privacy and security, and can result in financial loss.

Note: Earlier this year, in January, Apple had also discovered three other zero-day vulnerabilities:

  • CVE-2021-1870 and CVE-2021-1871, affecting WebKit by allowing for Remote Code Execution

  • CVE-2021-1782, enabling the elevation of privilege

Incidents tied to the exploitation of these vulnerabilities have been observed, notably by NSO Group’s Pegasus spyware users. 

RECOMMENDED SOLUTION

All users must patch their devices with the Security Updates issued by Apple.

For more information, refer to the support page for solutions to mitigate and defend your devices.

Sources: Sophos, Apple, Bleeping Computer, TechCrunch, Help Net Security, Citizen Lab