
Apple Reports 2 iOS 0-days That Let Hackers Compromise Fully Patched Devices

by Fnord666 from SoylentNews on (#5HDFZ)

upstart writes in with an IRC submission:

Apple reports 2 iOS 0-days that let hackers compromise fully patched devices:

A week after Apple issued its biggest iOS and iPadOS update since last September's release of version 14.0, the company has released a new update to patch two zero-days that allowed attackers to execute malicious code on fully up-to-date devices. Monday's release of version 14.5.1 also fixes problems with a bug in the newly released App Tracking Transparency feature rolled out in the previous version.

Both vulnerabilities reside in WebKit, a browser engine that renders Web content in Safari, Mail, App Store, and other select apps running on iOS, macOS, and Linux. CVE-2021-30663 and CVE-2021-30665, as the zero-days are tracked, have now been patched. Last week, Apple fixed CVE-2021-30661, another code-execution flaw in iOS WebKit, that also might have been actively exploited.

"Processing maliciously crafted web content may lead to arbitrary code execution," Apple said in its security notes, referring to the flaws. "Apple is aware of a report that this issue may have been actively exploited." MacOS 11.3.1, which Apple also released on Monday, also fixed CVE-2021-30663 and CVE-2021-30665.

CVE-2021-30665 was discovered by researchers from China-based security firm Qihoo 360. The other vulnerability was discovered by an anonymous source. Apple provided no details about who is using the exploits or who is being targeted by them.

CVE-2021-30663
CVE-2021-30665
