Technology giant Apple has released security updates for iOS to fix three zero-day flaws that were exploited in the wild. 

An unknown researcher is said to have reported all three zero-days; patches are available as part of iOS 14.4.

The first zero-day affects the iOS operating system kernel (CVE-2021-1782), and the other two were found in the WebKit browser engine (CVE-2021-1870 and CVE-2021-1871).

The iOS kernel bug was described as a race condition that can let hackers elevate privileges for their attack code. The two WebKit zero-days were described as a “logic issue” that could allow remote hackers to execute their own malicious code inside users’ Safari browsers.

Security specialists believe the three bugs are part of an exploit chain in which users are lured to a malicious site that exploits the WebKit bugs to run code, which then escalates its privileges to run system-level code and impact the OS.

However, official details about the attacks in which these flaws were used have not been made public, as is the case with most Apple zero-day revelations nowadays.

Today's three bugs come after Apple fixed another set of three iOS zero-days in November last year, which were discovered by one of Google’s security teams.
