Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS.
The WebKit browser engine is used by multiple products to display web content.
Apple fixed the three suspected WebKit zero-day flaws, tracked as CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666, with the release of macOS Big Sur 11.3.1, iOS 12.5.3, iOS 14.5.1, iPadOS 14.5.1, and watchOS 7.4.1. The company also fixed the fourth issue, tracked as CVE-2021-30661, with the release of iOS 12.5.3. Apple first patched this flaw in iOS, iPadOS, watchOS, and tvOS.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the description provided by Apple for all the flaws.
The tech giant did not share technical details about the flaws and how to trigger them.
All the bugs were reported to Apple by researcher @dnpushme from Qihoo 360 ATA.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, WebKit)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.