Published on: 27 January 2021
Apple has released iOS 14.4 and iPadOS 14.4 to fix multiple vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/zh-hk/HT212146
Active exploitation of the vulnerabilities in iOS and iPadOS (CVE-2021-1782, CVE-2021-1870 and CVE-2021-1871) has been observed. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
Depending on the vulnerability exploited, successful exploitation could lead to arbitrary code execution or escalation of privilege on an affected device.
Apple has released new versions of iOS and iPadOS to address the issues.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
https://support.apple.com/zh-hk/HT212146
https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20210127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1782
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1871