Apple's software products are considered more polished than most others. But that doesn't mean they're flawless.
iOS is the operating system found on Apple's mobile devices. It's fast and straightforward, and pretty much secured here and there. But according to its security update page, It had three bugs affecting iPhones and iPads that “may have been actively exploited.”
The three bugs were zero-days vulnerability.
Fortunately, Apple fixed the three major bugs with the release of iOS version 14.4.
As usual, Apple has declined to share specific details about the flaws.
Apple doesn’t release details with security fixes, mainly so that people have a chance to update their iPhones before more potential attackers get hold of the details.
Two of the zero-day vulnerabilities (CVE-2021-1870 and CVE-2021-1871) are logic issues affecting Apple's WebKit, the engine that powers the Safari web browser.
The bugs allowed attackers to achieve code execution on devices running a vulnerable version of iOS or iPadOS (those prior to version 14.4).
The third zero-day (CVE-2021-1782) affects the operating systems’ kernel.
In a rare condition, the bug can be exploited by a malicious application to elevate privileges on a vulnerable iPhone or iPad. This bug also affects watchOS and tvOS, and has been fixed in the released updates (watchOS 7.3 and tvOS 14.4).
An anonymous researcher has been credited with the reporting all of the three flaws.
Apple is one of those companies that put pride at the front of almost everything.
The Cupertino-based company founded by Steve Jobs and Steve Wozniak has been one of the most famous tech companies, and also one of the most experienced in terms of building sophisticated gadgets and computers.
Putting users privacy and security as its priority, Apple also prides itself in these two fields.
And this is why when the public realizes that Apple is not immune to exploits, Apple tends to stay quite and run away from the spotlight.
And admitting to the findings of the three zero-day bugs like in this occassion, is a rare admission by Apple.
In the past, iOS devices were vulnerable to 'Wi-Fi broadcast packet of death'. It also had a bug when dealing with Sindhi characters, a VPN bug, the annoying 'shrug bug' and others,