Apple Warns of New Zero-Day Attacks on iOS, MacOS

Apple Warns of New Zero-Day Attacks on iOS, MacOS

Apple’s problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and MacOS devices.

News of the latest compromise was included in a one-line mention in an advisory from Apple that documents fixes for a pair of WebKit security flaws that have been exploited on both iPhones and MacOS computers.

Apple’s newest iOS/iPadOS 14.5.1 update addresses the following vulnerabilities:

WebKit (CVE-2021-30665) -- Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved state management.  Apple is aware of a report that this issue may have been actively exploited.

WebKit (CVE-2021-30663) - Processing maliciously crafted web content may lead to arbitrary code execution. An integer overflow was addressed with improved input validation. Apple is aware of a report that this issue may have been actively exploited.

A separate advisory documents the two flaws on MacOS and recommends Apple customers upgrade immediately to macOS Big Sur 11.3.1.

Related: Apple iOS 14.5 Patches 50 Security Flaws

Related: Apple Patches Under-Attack iOS Zero-Day

view counter
image
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a journalist and cybersecurity strategist with more than 20 years experience covering IT security and technology trends. He is a regular speaker at cybersecurity conferences around the world. Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's career as a journalist includes bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Follow Ryan on Twitter @ryanaraine.
Previous Columns by Ryan Naraine:
Tags: