Apple fixes three actively exploited iOS zero-days


Apple has release a new batch of security updates and has fixed three iOS zero-days that “may have been actively exploited” by attackers.

The three zero-days

Two of the zero-day vulnerabilities (CVE-2021-1870 and CVE-2021-1871) are logic issues affecting the WebKit browser engine, which may allow a remote attacker to achieve code execution on devices running a vulnerable version of iOS or iPadOS (i.e., those prior to version 14.4).