Apple Fixes Critical Zero-Day Flaws

Apple released security updates for multiple products, including Safari, macOS, iOS, iPadOS, tvOS and watchOS. Exploiting some of these security flaws allows an attacker to take control of the victim’s system, putting Mac users at great risk.

The updates for Apple products include fixes for 4 vulnerabilities, including two zero-days. These flaws allow attackers to corrupt memory, execute arbitrary code, and even take control of the affected device. All of these flaws have been observed to be actively exploited by attackers.


Zero-Day (CVE-2021-30665)

A critical zero-day vulnerability residing in the WebKit browser engine of iOS is fixed in this May update. The vulnerability is due to a memory corruption issue related to improper state management. It allows an attacker to remotely execute commands on a vulnerable device when the victim simply visits a malicious website. The vulnerability was discovered and reported by security researchers from China. The new release, 14.5.1, mitigates this issue along with other bugs.

Zero-Day (CVE-2021-30663)

One more critical zero-day vulnerability residing in the WebKit browser rendering engine of iOS is also fixed in this security update. The vulnerability is due to an integer overflow issue related to improper input validation. It allows attackers to achieve remote code execution on iPhones, iPads, iPods, macOS, and Apple Watch devices. An anonymous source is behind the discovery of this 0-day.


Apple Security Updates Summary for May 2021

macOS

Safari

  • Affected OS: macOS Catalina and macOS Mojave
  • Affected features: WebKit
  • Impact: Arbitrary code execution
  • CVEs: CVE-2021-30665, CVE-2021-30663

iOS and iPadOS

  • Product: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Affected features: WebKit
  • Impact: Arbitrary code execution
  • CVEs: CVE-2021-30665, CVE-2021-30663

iOS

watchOS

  • Product: Apple Watch Series 3 and later
  • Affected features: WebKit
  • Impact: Arbitrary code execution
  • CVEs: CVE-2021-30665

SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow to keep your systems updated and secure.
