Apple Patches Critical iOS Bugs; One Under Attack

Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.

Apple lovers who haven’t yet updated to iOS 15, you may want to pop into Settings to freshen up your iPhone now: Apple has released several critical security updates that might light a fire under your britches.

On Monday and Tuesday, Apple released iOS 14.8.1, iPadOS 14.8.1, watchOS 8.1 and tvOS 15.1, patching 24 CVEs in total.

Apple’s security page has all the details about the CVEs, which include multiple issues in iOS components that, if exploited, could lead to arbitrary code execution, sometimes with kernel privileges that would let an attacker get to the heart of the operating system.

Critical, Easily/Already Exploited Bug

In one case – a memory-corruption issue in IOMobileFrameBuffer for Apple TV – the computing giant said that it’s “aware of a report that this issue may have been actively exploited” — which other researchers confirmed.

This one is particularly worrisome, given that researchers already found that the flaw is exploitable from the browser, making it “perfect for one-click & waterholing mobile attacks,” mobile security firm ZecOps said earlier this month.

We can confirm that

Read More: https://threatpost.com/apple-patches-ios-bugs/175803/