Security News > 2021 > May > Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks
Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild.
The development comes a week after Apple rolled out iOS 14.5 and macOS Big Sur 11.3 with a fix for a potentially exploited WebKit Storage vulnerability.
Tracked as CVE-2021-30661, the use-after-free issue was discovered and reported to the iPhone maker by a security researcher named yangkang of Qihoo 360 ATA. yangkang, along with zerokeeper and bianliang, have been credited with reporting the three new flaws.
Users of Apple devices are recommended to update to the latest versions to mitigate the risk associated with the flaws.
Update: Apple has also released a new version of Safari 14.1 for macOS Catalina and macOS Mojave, with the update introducing fixes for the two WebKit flaws CVE-2021-30663 and CVE-2021-30665.
The update comes a day after patches were shipped for iOS, macOS, and watchOS..
News URL
Related news
- Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Balancing usability and security in the fight against identity-based attacks (source)
- Apple plugs security hole in its iThings that's already been exploited in iOS (source)
- Security pros more confident about fending off ransomware, despite being battered by attacks (source)
- New Apple CPU side-channel attacks steal data from browsers (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
- Apple fixes zero-day exploited in 'extremely sophisticated' attacks (source)
- Apple warns 'extremely sophisticated attack' may be targeting iThings (source)
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-08 | CVE-2021-30665 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 8.8 |
| 2021-09-08 | CVE-2021-30663 | Integer Overflow or Wraparound vulnerability in Apple products An integer overflow was addressed with improved input validation. | 8.8 |
| 2021-09-08 | CVE-2021-30661 | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 8.8 |