Apple Releases Urgent Security Patch for Zero-Day Bugs to Fix Activated Attacks!

On 3rd May 2021, Apple released security updates for macOS, iOS, and watchOS addressing three zero-day flaws and a fourth vulnerability that the company wants to fix before it is exploited.

The vulnerabilities fixed in these updates are in WebKit, the browser engine that powers Safari and other third-party web browsers running on iOS. They permit attackers to execute arbitrary code on targeted devices.

According to the experts, the three bugs being fixed are listed below:

  • CVE-2021-30663: An integer overflow that could be exploited through maliciously crafted web content, which may lead to code execution. It was addressed with improved input validation.
  • CVE-2021-30665: A memory corruption issue that could be exploited through maliciously crafted web content, which may also lead to code execution. It was addressed with improved state management.
  • CVE-2021-30666: A buffer overflow vulnerability that could be exploited through maliciously crafted web content to achieve code execution. It was addressed with improved memory handling.

This development comes a week after Apple rolled out iOS 14.5 and macOS Big Sur 11.3, which fixed a potentially exploitable WebKit Storage vulnerability tracked as CVE-2021-30661. That use-after-free issue was found by a security researcher and reported to the iPhone maker.

CVE-2021-30666 affects older Apple devices, including iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch. The iOS 12.5.3 update remediates this flaw and also includes the patch for CVE-2021-30661.

The company said it is aware of these issues and that some of them may have been exploited, but, as is typical, no details were given on the nature of the attacks, the victims who may have been targeted, or the actors abusing them.

Apple recommended that all users update to the latest versions to remove the unnecessary risk associated with these bugs.