Apple patches iOS, macOS, iPadOS, watchOS, kitchen-sinkOS bugs said to be exploited in the wild
2021-05-04 01:35

Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear.

WebKit, fixed in macOS Big Sur 11.3.1, can be tricked into executing arbitrary code by processing malicious web content - a bad webpage can take over the browser, in other words.

The same holes are fixed in iOS 14.5.1 and iPadOS 14.5.1, and the memory corruption problem is addressed in watchOS 7.4.1.

iOS 12.5.3 was released to fix up both holes plus WebKit buffer overflow blunder CVE-2021-30666, also found by the 360 ATA trio and also said to have been exploited in the wild to execute malicious code on iThings.

The three researchers also found CVE-2021-30661, a use-after-free() in WebKit Storage again believed to have been exploited in the wild to hijack devices.

Today's Intel and AMD processors store these instruction fragments in a cache, and as we saw with Spectre, if something's cached in a core, it can probably be exploited to inadvertently leak information.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/05/04/in_brief_security/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-08 | CVE-2021-30666 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS. A buffer overflow issue was addressed with improved memory handling. (network, low complexity, apple, CWE-119) | 8.8 |
| 2021-09-08 | CVE-2021-30661 | Use After Free vulnerability in Apple products. A use after free issue was addressed with improved memory management. (network, low complexity, apple, CWE-416) | 8.8 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Apple | | 68 | 212 | 1433 | 2208 | 257 | 4110 |