High Threat Security Alert (A21-03-10): Vulnerability in Apple iOS and iPadOS


 

Published on: 29 March 2021

  
  

Description:

Apple has released iOS 14.4.2 and iPadOS 14.4.2 as well as iOS 12.5.2 to fix a vulnerability in various Apple devices. The vulnerability could be exploited by enticing a user to open a specially crafted website. The details of vulnerability information can be found at:

https://support.apple.com/zh-hk/HT212256

https://support.apple.com/zh-hk/HT212257

Active exploitation against the vulnerability in iOS and iPadOS (CVE-2021-1879) has been observed. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • iPhone 5s and later
  • iPad 5th generation and later, Air and later, mini 2 and later, Pro (all models)
  • iPod touch (6th generation and later)

 

Impact:

A successful exploitation could lead to cross-site scripting on an affected device.

 

Recommendation:

Apple has released new version of iOS and iPadOS to address the issue.

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://support.apple.com/zh-hk/HT212256
  • https://support.apple.com/zh-hk/HT212257
  • https://www.hkcert.org/security-bulletin/apple-products-cross-site-scripting-vulnerability_20210329
  • https://us-cert.cisa.gov/ncas/current-activity/2021/03/26/apple-releases-security-updates
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1879


Tag: Apple , iOS , iPhone , iPad , iPod , iPadOS
Tags