Severity
High
Analysis Summary
Apple has just pushed out an emergency “one-bug” security update for its mobile devices, including iPhones, iPads and Apple Watches. Even users of older iPhones and iPads who are still on the officially-supported iOS 12 version need to patch.
CVE-2021-1879
Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.
This vulnerability affects WebKit, Apple’s core web browser code. A security flaw in WebKit affects any browser you have installed, including Apple’s built-in Safari app, and could affect many other apps if they have any program options that pop up a web window to show you information.
Moreover, all websites you visit are affected by the bug, at least in theory, including sites with no security holes of their own. You need to patch the vulnerability for yourself, because the bug is in your browser, not in any individual web server. You can’t sidestep the bug simply by avoiding specific web servers until they get patched.
Impact
- Cross-Site Scripting
- Information Disclosure
Affected Vendors
Apple
Affected Products
Multiple
Remediation
Update to the following versions:
- iOS 14 (recent iPhones): update to 14.4.2
- iOS 12 (older iPhones and iPads): update to 12.5.2
- iPadOS 14: update to 14.4.2
- watchOS: update to 7.3.3
To check whether you have the latest version, and to install it right away if you don’t, go to Settings > General > Software Update.
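For a managed fleet, the minimum versions listed above can be checked against a device inventory export. The script below is an added example, not part of the original advisory. The CSV columns, device names and status strings are assumptions, as is treating major versions newer than those listed as patched.

```python
import csv
import io

# Minimum fixed versions per release branch, from the Remediation list above.
IOS_FIXED = {12: (12, 5, 2), 14: (14, 4, 2)}
# Assumption: an inventory tool may label an iPad as either "iOS" or "iPadOS".
FIXED = {"ios": IOS_FIXED, "ipados": IOS_FIXED, "watchos": {7: (7, 3, 3)}}

# Constructed sample inventory; device names and the column layout are hypothetical.
SAMPLE_INVENTORY = """device,platform,os_version
iphone-ops-01,iOS,14.4.2
iphone-ops-02,iOS,14.4
ipad-kiosk-03,iOS,12.5.1
ipad-kiosk-04,iPadOS,14.10
watch-exec-05,watchOS,7.3.2
iphone-old-06,iOS,12.5.2
phone-lab-08,iOS,fourteen
"""

def parse_version(text):
    """'14.4' -> (14, 4, 0). Tuples compare numerically, so 14.10 > 14.4.2."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError("too many version components: " + text)
    return tuple(parts + [0] * (3 - len(parts)))

def assess(platform, version_text):
    branches = FIXED.get(platform.strip().lower())
    if branches is None:
        return "unknown-platform"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable-version"
    # Compare against the device's own branch, or the next listed branch above it.
    listed = [major for major in sorted(branches) if major >= version[0]]
    if not listed:
        return "patched"  # assumption: majors newer than those listed carry the fix
    return "patched" if version >= branches[listed[0]] else "needs-update"

def audit(csv_text):
    """Return (device, status) for every row that is not confirmed patched."""
    rows = csv.DictReader(io.StringIO(csv_text))
    results = [(r["device"], assess(r["platform"], r["os_version"])) for r in rows]
    return [(d, s) for d, s in results if s != "patched"]

if __name__ == "__main__":
    for device, status in audit(SAMPLE_INVENTORY):
        print(f"{device}: {status}")
```

Rows that cannot be parsed are reported rather than skipped, so a malformed inventory entry never passes as patched.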