Both vulnerabilities reside in Webkit, a browser engine that renders Web content in Safari, Mail, App Store, and other select apps running on iOS, macOS, and Linux. CVE-2021-30663 and CVE-2021-30665, as the zero-days are tracked, have now been patched. Last week, Apple fixed CVE-2021-30661, another code-execution flaw in iOS Webkit, that also might have been actively exploited.
“Processing maliciously crafted web content may lead to arbitrary code execution,” Apple said in its security notes, referring to the flaws. “Apple is aware of a report that this issue may have been actively exploited.” MacOS 11.3.1, which Apple also released on Monday, also fixed CVE-2021-30663 and CVE-2021-30665.
Read 6 remaining paragraphs | Comments