PT-2021-13569 · Apple · iOS +2
S0Rrymybad · Published 2021-01-27 · Updated 2021-04-09 · CVE-2021-1780
CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
iOS versions prior to 14.4
iPadOS versions prior to 14.4
Description:
A memory initialization issue may allow an attacker in a privileged position to perform a denial of service attack; it was addressed with improved memory handling. Additionally, there are three 0-day issues that allow remote code execution (RCE) and privilege escalation, which are reportedly being used in the wild. These issues are related to the WebKit browser engine and the kernel. It is believed that these issues may be part of an exploit kit used by hackers to attack Apple devices via malicious or compromised websites.
Recommendations:
For iOS versions prior to 14.4, update to iOS 14.4 or later to fix the memory initialization issue and the three 0-day issues.
For iPadOS versions prior to 14.4, update to iPadOS 14.4 or later to fix the memory initialization issue and the three 0-day issues.
Fix
Improper Initialization
Weakness Enumeration
Related Identifiers
Affected Products:
WebKit
iOS
iPadOS