Apple Plugs Severe WebKit Remote Code-Execution Hole
2021-03-09 15:58

Apple is rolling out fixes for a high-severity vulnerability in its WebKit browser engine that, if exploited, could allow remote attackers to completely compromise affected systems.

Apple on Monday urged affected device users to update as soon as possible: "Keeping your software up-to-date is one of the most important things you can do to maintain your Apple product's security," the company said.

Apple developed the WebKit browser engine for its Safari web browser, but it is also used by Apple Mail, the App Store, and various apps on the macOS and iOS operating systems.

In the case of this specific flaw, if WebKit processes specially-crafted, malicious web content, it could lead to successful exploitation, according to Apple.

It's only the latest bug to be found in WebKit: Apple in January released an emergency update that patched three recently discovered bugs in iOS. Two of these - CVE-2021-1870 and CVE-2021-1871 - were discovered in WebKit.

The WebKit vulnerabilities are both logic issues that the update addresses with improved restrictions, according to Apple.


News URL

https://threatpost.com/apple-webkit-remote-code-execution/164595/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-04-02 | CVE-2021-1870 | A logic issue was addressed with improved restrictions. (network; low complexity; apple webkitgtk fedoraproject) | critical 9.8
2021-04-02 | CVE-2021-1871 | A logic issue was addressed with improved restrictions. (network; low complexity; apple debian fedoraproject) | critical 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 138 584 4213 1628 2414 8839
Webkit 3 0 8 3 0 11