Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks

Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild.

The weaknesses all concern WebKit, the browser engine that powers Safari and all third-party web browsers on iOS, and allow an adversary to execute arbitrary code on target devices. A summary of the three security bugs is as follows:

  • CVE-2021-30663: An integer overflow vulnerability that could be exploited through maliciously crafted web content, which may lead to code execution. The flaw was addressed with improved input validation.
  • CVE-2021-30665: A memory corruption issue that could be exploited through maliciously crafted web content, which may lead to code execution. The flaw was addressed with improved state management.
  • CVE-2021-30666: A buffer overflow vulnerability that could be exploited through maliciously crafted web content, which may lead to code execution. The flaw was addressed with improved memory handling.

The development comes a week after Apple rolled out iOS 14.5 and macOS Big Sur 11.3 with a fix for a potentially exploited WebKit Storage vulnerability. Tracked as CVE-2021-30661, the use-after-free issue was discovered and reported to the iPhone maker by a security researcher named yangkang (@dnpushme) of Qihoo 360 ATA.

yangkang, along with zerokeeper and bianliang, has been credited with reporting the three new flaws.

It’s worth noting that CVE-2021-30666 only affects older Apple devices such as iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). The iOS 12.5.3 update, which remediates this flaw, also includes a fix for CVE-2021-30661.

The company said it’s aware of reports that the issues “may have been actively exploited” but, as is typically the case, did not elaborate on the nature of the attacks, the victims that may have been targeted, or the threat actors that may be abusing them.

Users of Apple devices are advised to update to the latest versions to mitigate the risk associated with the flaws.
