Security News > 2021 > June > Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild
Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild.
The latest update, iOS 12.5.4, comes with fixes for three security bugs, including a memory corruption issue in ASN.1 decoder and two flaws concerning its WebKit browser engine that could be abused to achieve remote code execution -.
CVE-2021-30761 - A memory corruption issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content.
CVE-2021-30762 - A use-after-free issue that could be exploited to gain arbitrary code execution when processing maliciously crafted web content.
CVE-2021-30665 - Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2021-30666 - Processing maliciously crafted web content may lead to arbitrary code execution.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-08 | CVE-2021-30666 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS A buffer overflow issue was addressed with improved memory handling. | 8.8 |
| 2021-09-08 | CVE-2021-30665 | Out-of-bounds Write vulnerability in Apple products A memory corruption issue was addressed with improved state management. | 8.8 |
| 2021-09-08 | CVE-2021-30762 | Use After Free vulnerability in Apple Iphone OS A use after free issue was addressed with improved memory management. | 8.8 |
| 2021-09-08 | CVE-2021-30761 | Out-of-bounds Write vulnerability in Apple Iphone OS A memory corruption issue was addressed with improved state management. | 8.8 |