05.05.2021 Apple Fixes Two Actively-exploited Flaws

by Elena Lapina

On 3 May 2021, Apple released fixes for two actively-exploited vulnerabilities in the WebKit engine that can be used to attack iPhones, iPads, iPods, macOS, and Apple Watch devices. We recommend applying the latest updates as soon as possible.

 


Details

  • Apple addressed the flaws in the iOS 14.5.1, iOS 12.5.3, macOS Big Sur 11.3.1, and watchOS 7.4.1 updates.
  • One flaw, tracked as CVE-2021-30665, is a memory corruption issue. The other flaw, CVE-2021-30663, is an integer overflow which is now addressed with improved input validation.
  • Both vulnerabilities could allow arbitrary remote code execution (RCE) on vulnerable devices if a victim visits a maliciously-crafted web page.


Recommendations

  • We recommend applying the latest updates as soon as possible, as actively-exploited flaws present a high risk to unpatched devices.
  • If you don’t have automatic updates enabled, on iOS and iPadOS, go to Settings -> General -> Software Update.
  • Exploitation requires user interaction, which is a good reminder for users not to click on any links from unknown sources.

References: Apple

 
