Apple Issues Patches for Webkit Security Flaws
The vulnerabilities may already be under active attack, Apple says in an advisory.
Apple has released several security updates to address vulnerabilities in multiple products including iOS, WatchOS and iPadOS.
Some of the new patches resolve WebKit flaws that can be exploited through "maliciously crafted web content" that could lead to arbitrary code execution, Apple officials write in an alert, noting attackers may already be using these in the wild.
"Apple is aware of a report that this issue may have been actively exploited," the company says in its advisory for WebKit vulnerabilities CVE-2021-30665 and CVE-2021-30663.
The updates address several problems, including buffer overflow and use after free issues on older iOS devices. Other updates patch a memory corruption issue and integer overflow on macOS and iOS.
CISA has also issued an advisory encouraging users and administrators to review the latest Apple security advisories and apply the necessary updates. "An attacker could exploit some of these vulnerabilities to take control of an affected device," the CISA warning says.
Last month, Apple issued a patch for a major security flaw in its newly released macOS 11.3.
The latest Apple advisories can be read here and the CISA release can be read here.
About the Author
You May Also Like
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024