Security News > 2021 > June > Apple Hurries Patches for Safari Bugs Under Active Attack

Apple issued two out-of-band security fixes for its Safari web browser, fixing zero-day vulnerabilities that "May have been actively exploited," according to a Monday security bulletin by the company.

The bugs affect sixth-generation Apple iPhones, iPads and iPod touch model hardware, released between 2013 and 2018.

Technical details of the two bugs, Apple said, will not be released, "Until an investigation has occurred and patches or releases are available."Both bugs are tied to Apple's Safari browser and the underlying iOS code, called WebKit, which is responsible for rendering web pages.

Apple is crediting the discovery of both bugs to an anonymous researcher.

One of the bugs patched by Apple addresses a "Memory corruption issue" and improves the Apple WebKit state management.

In its advisory Apple wrote: "Impact: Processed maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."

News URL

https://threatpost.com/apple-patch-safari-active-attack/166922/