The vulnerabilities may already be under active attack, Apple says in an advisory.
Apple has released several security updates to address vulnerabilities in multiple products including iOS, WatchOS and iPadOS.
Some of the new patches resolve WebKit flaws that can be exploited through “maliciously crafted web content” that could lead to arbitrary code execution, Apple officials write in an alert, noting attackers may already be using these in the wild.
“Apple is aware of a report that this issue may have been actively exploited,” the company says in its advisory for WebKit vulnerabilities CVE-2021-30665 and CVE-2021-30663.
The updates address several problems, including buffer overflow and use after free issues on older iOS devices. Other updates patch a memory corruption issue and integer overflow on macOS and iOS.
CISA has also issued an advisory encouraging users and administrators to review the latest Apple security advisories and apply the necessary updates. “An attacker could exploit some of these vulnerabilities to take control of an affected device,” the CISA warning says.
Last month, Apple issued a patch for a major security flaw in its newly released macOS 11.3.
Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio