Vulnerability in Apple iOS reportedly being actively exploited

4:45pm, 28 January 2021

TLP Rating: Clear

Apple has released iOS, iPadOS and tvOS version 14.4 containing fixes for three vulnerabilities affecting WebKit and the operating system’s kernel. There have been reports that these vulnerabilities are being actively exploited. CERT NZ is urging all users of these operating systems to immediately update their devices.

What's happening

Systems affected

Apple have stated the vulnerabilities affect three of their operating systems:

  • iOS
  • iPadOS
  • tvOS

For a complete list of products that are able to be updated, see the full list on Apple's website.

What this means

There are three specific vulnerabilities that Apple have announced and patched, as follows:

  • CVE-2021-1782
  • CVE-2021-1871
  • CVE-2021-1870

These vulnerabilities allow attackers to cause arbitrary code execution and escalate privileges.

What to do

Mitigation

Immediately update your Apple iOS, iPadOS and tvOS devices to version 14.4 where the update is available. For most users, a pop-up should alert you that an update is available – select ‘Update Now’.

If you do not receive a pop-up message, follow these steps:

Settings > System > Software Update. In there, select “Update Software”.

For further information on affected devices and the update, see Apple's security notification.

For further information about updating devices, see CERT NZ's guide to updating your devices.   

CERT NZ recommend that users of devices that are not able to receive updates look to replace their devices. For further information, see our guide on end-of-life devices.

More information

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384.