Security News > 2021 > May > Apple fixes four zero-days under attack
A week after Apple patched a macOS zero-day exploited by Shlayer malware for months for months, the company has released new security updates for macOS, iOS, iPadOS and watch OS that plug four additional zero-days that "May have been actively exploited".
CVE-2021-30665 - a memory corruption issue in WebKit that could lead to arbitrary code execution when a user views maliciously crafted web content.
WatchOS 7.4.1 plugs only the first of those security holes, while iOS 12.5.3 fixes both, as well as two other vulnerabilities that may have been exploited in the wild: CVE-2021-30666 and CVE-2021-30661, both of which may lead to arbitrary code execution when a user loads maliciously crafted web content.
WebKit is a browser engine developed by Apple and used by Safari on macOS, iOS and iPadOS. Though watchOS doesn't have the Safari app, it has WebKit so that Apple Watch users can open web content on the device.
As per usual, Apple has not shared specific details about the fixed flaws or explained in which attacks they are being exploited.
Users are advised to update their Apple devices as soon as possible.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/1w7C6A59IQc/
Related news
- Microsoft fixes 6 zero-days under active attack (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited (source)
- Versa fixes Director zero-day vulnerability exploited in attacks (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-08 | CVE-2021-30666 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS A buffer overflow issue was addressed with improved memory handling. | 8.8 |
| 2021-09-08 | CVE-2021-30665 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 8.8 |
| 2021-09-08 | CVE-2021-30661 | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 8.8 |