MobileNews

Apple says iOS 14.5.1 and macOS 11.3.1 patch WebKit flaws that may have been actively exploited

Apple released updates for iPhone, iPad, Mac, and Apple Watch today with multiple security updates. The patched flaws involved malicious web content that could lead to arbitrary code execution – and Apple says they may have been actively exploited.

Apple released iOS 14.5.1 and iOS 12.5.3, macOS 11.3.1, and watchOS 7.4.1 today with the primary changes being security fixes (App Tracking Transparency bug fix for iOS too). So be sure to install the newest updates to get the latest protection.

In support documents, Apple detailed the web flaws that were fixed. The first flaw meant that “Processing maliciously crafted web content may lead to arbitrary code execution.” Memory corruption was at play here and Apple says it fixed the issue with “improved state management.”

A second flaw also dealt with the same potential for malicious web content potentially executing arbitrary code and Apple says it also may have been exploited in the wild. On this one, Apple solved the problem with an integer overflow and “improved input validation.”

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30663: an anonymous researcher

Meanwhile, for older iPhones and iPads, two additional security issues were fixed with iOS 12.5.3. Apple patched the buffer overflow/improved memory handling and also updated the “use after free issue.”

WebKit

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30666: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA

WebKit Storage

Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30661: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA


Check out 9to5Mac on YouTube for more Apple news:

Check out the latest Apple iPhones at great prices from Gizmofashion – our recommended retail partner.


Author: Michael Potuck
Source: 9TO5Google

Related posts
AI & RoboticsNews

H2O.ai improves AI agent accuracy with predictive models

AI & RoboticsNews

Microsoft’s AI agents: 4 insights that could reshape the enterprise landscape

AI & RoboticsNews

Nvidia accelerates Google quantum AI design with quantum physics simulation

DefenseNews

Marine Corps F-35C notches first overseas combat strike

Sign up for our Newsletter and
stay informed!