Security News > 2021 > May > Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks
Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild.
The development comes a week after Apple rolled out iOS 14.5 and macOS Big Sur 11.3 with a fix for a potentially exploited WebKit Storage vulnerability.
Tracked as CVE-2021-30661, the use-after-free issue was discovered and reported to the iPhone maker by a security researcher named yangkang of Qihoo 360 ATA. yangkang, along with zerokeeper and bianliang, have been credited with reporting the three new flaws.
Users of Apple devices are recommended to update to the latest versions to mitigate the risk associated with the flaws.
Update: Apple has also released a new version of Safari 14.1 for macOS Catalina and macOS Mojave, with the update introducing fixes for the two WebKit flaws CVE-2021-30663 and CVE-2021-30665.
The update comes a day after patches were shipped for iOS, macOS, and watchOS..
News URL
Related news
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-08 | CVE-2021-30665 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 8.8 |
| 2021-09-08 | CVE-2021-30663 | Integer Overflow or Wraparound vulnerability in Apple products An integer overflow was addressed with improved input validation. | 8.8 |
| 2021-09-08 | CVE-2021-30661 | Use After Free vulnerability in Apple products A use after free issue was addressed with improved memory management. | 8.8 |