Apple’s problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and MacOS devices.
News of the latest compromise was included in a one-line mention in an advisory from Apple that documents fixes for a pair of WebKit security flaws that have been exploited on both iPhones and MacOS computers.
Apple’s newest iOS/iPadOS 14.5.1 update addresses the following vulnerabilities:
WebKit (CVE-2021-30665) -- Processing maliciously crafted web content may lead to arbitrary code execution. A memory corruption issue was addressed with improved state management. Apple is aware of a report that this issue may have been actively exploited.
WebKit (CVE-2021-30663) - Processing
maliciously crafted web content may lead to arbitrary code
execution. An integer overflow was addressed with improved input
validation. Apple is aware of a report that this issue may have
been actively exploited.
A separate advisory documents the two flaws on MacOS and recommends Apple customers upgrade immediately to macOS Big Sur 11.3.1.