Apple’s problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and macOS devices.
News of the latest compromise was included in a one-line mention in an advisory from Apple that documents fixes for a pair of WebKit security flaws that have been exploited on both iPhones and macOS computers.
Apple’s newest iOS/iPadOS 14.5.1 update addresses the following vulnerabilities:
- WebKit (CVE-2021-30665): Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.
- WebKit (CVE-2021-30663): Processing maliciously crafted web content may lead to arbitrary code execution. An integer overflow was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.
A separate advisory documents the two flaws on macOS and recommends Apple customers upgrade immediately to macOS Big Sur 11.3.1.

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
