Security News > 2021 > June > Apple Hurries Patches for Safari Bugs Under Active Attack

Apple issued two out-of-band security fixes for its Safari web browser, fixing zero-day vulnerabilities that "may have been actively exploited," according to a Monday security bulletin by the company.
The bugs affect sixth-generation Apple iPhones, iPads and iPod touch model hardware, released between 2013 and 2018.
Technical details of the two bugs, Apple said, will not be released "until an investigation has occurred and patches or releases are available." Both bugs are tied to Apple's Safari browser and the underlying iOS code, called WebKit, which is responsible for rendering web pages.
Apple is crediting the discovery of both bugs to an anonymous researcher.
One of the bugs patched by Apple is a "memory corruption issue"; the patch addresses it and improves WebKit state management.
In its advisory Apple wrote: "Impact: Processed maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
News URL
https://threatpost.com/apple-patch-safari-active-attack/166922/