Apple released its May 2021 security updates, which address zero-day exploits in multiple products, including Safari, macOS, iOS, iPadOS, tvOS and watchOS. Exploiting some of these security flaws allows an attacker to take control of the victim’s system, which puts Mac users at great risk. However, a vulnerability management tool can mitigate these.
The updates for Apple products include fixes for 4 vulnerabilities, including two zero-days. These flaws allow attackers to corrupt memory, execute arbitrary code, and even control the affected device. All of these flaws have been observed being actively exploited by attackers. To avoid these flaws, we can use a patch management tool.
Zero-Day (CVE-2021-30665)
A critical zero-day vulnerability in the WebKit browser engine of iOS is fixed in this May update. The vulnerability is caused by a memory corruption issue related to improper state management. It allows an attacker to remotely execute commands on a vulnerable device when the user simply visits a malicious website. The vulnerability was discovered and reported by security researchers from China. The new 14.5.1 release mitigates this issue along with other bugs.
Zero-Day (CVE-2021-30663)
One more critical zero-day vulnerability in the WebKit browser rendering engine of iOS is also fixed in this security update. The vulnerability is caused by an integer overflow issue related to improper input validation. It allows attackers to conduct remote code execution on iPhones, iPads, iPods, macOS, and Apple Watch devices. An anonymous source is behind the discovery of this 0-day.
Apple Security Updates Summary for May 2021
- Affected OS: macOS Big Sur
- Affected features: WebKit
- Impact: Arbitrary code execution
- CVEs: CVE-2021-30665, CVE-2021-30663

- Affected OS: macOS Catalina and macOS Mojave
- Affected features: WebKit
- Impact: Arbitrary code execution
- CVEs: CVE-2021-30665, CVE-2021-30663

- Product: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Affected features: WebKit
- Impact: Arbitrary code execution
- CVEs: CVE-2021-30665, CVE-2021-30663

- Product: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
- Affected features: WebKit, WebKit Storage
- Impact: Arbitrary code execution
- CVEs: CVE-2021-30665, CVE-2021-30663, CVE-2021-30661, CVE-2021-30666

- Product: Apple Watch Series 3 and later
- Affected features: WebKit
- Impact: Arbitrary code execution
- CVEs: CVE-2021-30665
Moreover, the Apple zero-day exploits affect the products listed above.
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Use SanerNow to keep your systems updated and secure.