05.05.2021 Apple Fixes Two Actively-exploited Flaws

by Elena Lapina

On 3 May 2021, Apple released fixes for two actively exploited vulnerabilities in the WebKit engine that can be used to attack iPhones, iPads, iPods, macOS, and Apple Watch devices. We recommend applying the latest updates as soon as possible.



  • Apple addressed the flaws in the iOS 14.5.1, iOS 12.5.3, macOS Big Sur 11.3.1, and watchOS 7.4.1 updates.
  • One flaw, tracked as CVE-2021-30665, is a memory corruption issue. The other flaw, CVE-2021-30663, is an integer overflow, which is now addressed with improved input validation.
  • Both vulnerabilities could allow arbitrary remote code execution (RCE) on vulnerable devices if a victim visits a maliciously-crafted web page.


  • We recommend applying the latest updates as soon as possible, as actively exploited flaws present a high risk to unpatched devices.
  • If you don’t have automatic updates enabled, on iOS and iPadOS, go to Settings -> General -> Software Update.
  • The flaw requires user interaction to exploit, which is a good reminder for users not to click on links from unknown sources.
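
For teams managing many devices, the Python below checks an inventory against the fixed versions listed above. It is an added example, not code from this advisory or from Apple. The host names and inventory rows are constructed, and treating major versions newer than the listed ones as patched is an assumption.

```python
# Added example: triage a device inventory against the fixed versions
# named in the advisory. Inventory rows below are constructed sample data.

# Fixed versions per platform, keyed by major version line (from the advisory).
FIXED = {
    "iOS": {14: (14, 5, 1), 12: (12, 5, 3)},
    "macOS": {11: (11, 3, 1)},
    "watchOS": {7: (7, 4, 1)},
}

def parse_version(text):
    """Turn '14.5' into (14, 5, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def patch_status(platform, version):
    """Return 'patched', 'vulnerable' or 'unlisted' for one device."""
    lines = FIXED.get(platform)
    if lines is None:
        return "unlisted"          # platform not covered by the advisory
    current = parse_version(version)
    if current[0] > max(lines):
        return "patched"           # assumption: later major releases carry the fix
    fixed = lines.get(current[0])
    if fixed is None:
        return "unlisted"          # e.g. iOS 13.x: no fix named for this line
    # Compare only within the same major line: 14.4.2 is newer than 12.5.3
    # numerically, yet it predates the 14.5.1 fix.
    return "patched" if current >= fixed else "vulnerable"

def needs_attention(inventory):
    """List (host, status) for every device that is not confirmed patched."""
    flagged = []
    for host, platform, version in inventory:
        status = patch_status(platform, version)
        if status != "patched":
            flagged.append((host, status))
    return flagged

INVENTORY = [  # constructed sample rows: host, platform, OS version
    ("iphone-01", "iOS", "14.5"),
    ("iphone-02", "iOS", "12.5.3"),
    ("ipod-01", "iOS", "13.7"),
    ("mac-01", "macOS", "11.3.1"),
    ("watch-01", "watchOS", "7.4"),
]

if __name__ == "__main__":
    for host, status in needs_attention(INVENTORY):
        print(f"{host}: {status}")
```

Devices reported as "unlisted" run a version line for which this advisory names no fix, so they need a manual check against Apple's release notes.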

References: Apple

