Apple Critical Security Updates April 2021

Apple has released security updates for multiple products. Exploiting some of these flaws allows an attacker to bypass many core Apple security mechanisms, crash applications, and potentially take control of affected systems, putting Mac users at great risk.

The updates for macOS include fixes for 64 vulnerabilities. These flaws allow attackers to execute arbitrary code with kernel or system privileges, bypass privacy preferences, read restricted memory, cause unexpected application termination or heap corruption, disclose sensitive information, read arbitrary files, conduct cross-site scripting and phishing attacks, and more.


Zero-Day (CVE-2021-30657)

A critical zero-day vulnerability exploited in the wild by Shlayer malware is fixed in this April’s security update. The vulnerability allows an attacker to bypass core Apple security mechanisms such as Apple’s File Quarantine, Gatekeeper, and Notarization security checks, and to run second-stage malicious payloads. The vulnerability was discovered and reported by security researcher Cedric Owens.

Zero-Day (CVE-2021-30661)

Another critical zero-day vulnerability, related to WebKit Storage, is also being exploited in the wild. It impacts iOS and watchOS devices. The vulnerability allows an attacker to achieve remote code execution.


Apple Security Updates Summary for April 2021

macOS


iOS and iPadOS


Xcode

  • Affected OS: macOS Big Sur
  • Affected features: Git
  • Impact: Arbitrary Code Execution
  • CVEs: CVE-2021-21300

iCloud


Safari

  • Affected OS: macOS Catalina and Mojave
  • Affected features: WebRTC, WebKit
  • Impact: Cross-Site Scripting, Memory Corruption
  • CVEs: CVE-2021-1825, CVE-2020-7463

tvOS


watchOS


SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow to keep your systems updated and secure.
