Apple has released a new batch of security updates and fixed three iOS zero-days that ‘may have been actively exploited’ by attackers. Two of the zero-day vulnerabilities are logic issues affecting the WebKit browser engine. The third is a race condition that can be exploited by a malicious application to elevate privileges on a vulnerable iPhone or iPad. An anonymous researcher has been credited with the reporting of all three flaws. Apple has also released a security update for iCloud for Windows that fixes four vulnerabilities that may lead to arbitrary code execution.
Source: https://www.helpnetsecurity.com/2021/01/27/exploited-ios-zero-days/