A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company has released a new update to patch two zero-days that allowed attackers to execute malicious code on fully up-to-date devices. Monday’s release of version 14.5.1 also fixes problems with a bug in the newly launched App Tracking Transparency feature rolled out in the previous version.
Both vulnerabilities reside in WebKit, a browser engine that renders Web content in Safari, Mail, App Store, and other select apps running on iOS, macOS, and Linux. CVE-2021-30663 and CVE-2021-30665, as the zero-days are tracked, have now been patched. Last week, Apple fixed CVE-2021-30661, another code-execution flaw in iOS WebKit that also might have been actively exploited.
“Processing maliciously crafted web content might result in arbitrary code execution,” Apple said in its security notes, referring to the flaws. “Apple is aware of a report that this issue might have been actively exploited.” macOS 11.3.1, which Apple also released on Monday, also fixed CVE-2021-30663 and CVE-2021-30665.
Biz & IT – Ars Technica