Apple addressed an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices. The flaw could be exploited to allow attackers to launch universal cross-site scripting attacks after tricking targets into opening maliciously crafted web content on their devices.
A. Nature of the Vulnerability
The vulnerability was tracked as:
CVE-2021-1879, the zero-day vulnerability exists in the Webkit browser engine and could be exploited to allow attackers to launch universal cross-site scripting attacks after tricking targets into opening maliciously crafted web content on their devices.
B. List of Vulnerable Systems
Vulnerable Apple products includes:
Mobile Phone:
- iPhone 6 plus
- iPhone 6s
- iPhone 6
- iPhone 5s
Media Devices:
- iPod touch (6th and 7th generation)
Tablet:
- iPad Pro (all models)
- iPad Air 2
- iPad Air
- iPad (5th generation)
- iPad mini 2
- iPad mini 3
Wearables:
- Apple Watch Series 3 and later
C. Actions to be Taken
CERT-PH recommends the following actions be taken:
Immediately test and apply the corresponding patched versions of the affected Apple products from the published security advisory from the Apple Security Updates (https://support.apple.com/en-us/HT212256)