Security News > 2021 > May > Apple fixes four zero-days under attack
A week after Apple patched a macOS zero-day exploited by Shlayer malware for months for months, the company has released new security updates for macOS, iOS, iPadOS and watch OS that plug four additional zero-days that "May have been actively exploited".
CVE-2021-30665 - a memory corruption issue in WebKit that could lead to arbitrary code execution when a user views maliciously crafted web content.
WatchOS 7.4.1 plugs only the first of those security holes, while iOS 12.5.3 fixes both, as well as two other vulnerabilities that may have been exploited in the wild: CVE-2021-30666 and CVE-2021-30661, both of which may lead to arbitrary code execution when a user loads maliciously crafted web content.
WebKit is a browser engine developed by Apple and used by Safari on macOS, iOS and iPadOS. Though watchOS doesn't have the Safari app, it has WebKit so that Apple Watch users can open web content on the device.
As per usual, Apple has not shared specific details about the fixed flaws or explained in which attacks they are being exploited.
Users are advised to update their Apple devices as soon as possible.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/1w7C6A59IQc/
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-08 | CVE-2021-30666 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS A buffer overflow issue was addressed with improved memory handling. | 8.8 |
| 2021-09-08 | CVE-2021-30665 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 8.8 |
| 2021-09-08 | CVE-2021-30661 | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 8.8 |