Security Experts:

Apple Warns of New Zero-Day Attacks on iOS, macOS

Apple’s problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and macOS devices.

News of the latest compromise was included in a one-line mention in an advisory from Apple that documents fixes for a pair of WebKit security flaws that have been exploited on both iPhones and macOS computers.

Apple’s newest iOS/iPadOS 14.5.1 update addresses the following vulnerabilities:


WebKit (CVE-2021-30665) -- Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved state management.  Apple is aware of a report that this issue may have been actively exploited.

WebKit (CVE-2021-30663) - Processing maliciously crafted web content may lead to arbitrary code execution. An integer overflow was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.

A separate advisory documents the two flaws on macOS and recommends Apple customers upgrade immediately to macOS Big Sur 11.3.1.

Related: Apple iOS 14.5 Patches 50 Security Flaws

Related: Apple Patches Under-Attack iOS Zero-Day


view counter
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a journalist and cybersecurity strategist with more than 20 years experience covering IT security and technology trends. Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's career as a journalist includes bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Ryan is a director of the Security Tinkerers non-profit, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.