The vulnerabilities may already be under active attack, Apple says in an advisory.

Dark Reading Staff, Dark Reading

May 5, 2021

1 Min Read

Apple has released several security updates to address vulnerabilities in multiple products including iOS, WatchOS and iPadOS.

Some of the new patches resolve WebKit flaws that can be exploited through "maliciously crafted web content" that could lead to arbitrary code execution, Apple officials write in an alert, noting attackers may already be using these in the wild. 

"Apple is aware of a report that this issue may have been actively exploited," the company says in its advisory for WebKit vulnerabilities CVE-2021-30665 and CVE-2021-30663.

The updates address several problems, including buffer overflow and use after free issues on older iOS devices. Other updates patch a memory corruption issue and integer overflow on macOS and iOS.

CISA has also issued an advisory encouraging users and administrators to review the latest Apple security advisories and apply the necessary updates. "An attacker could exploit some of these vulnerabilities to take control of an affected device," the CISA warning says.

Last month, Apple issued a patch for a major security flaw in its newly released macOS 11.3. 

The latest Apple advisories can be read here and the CISA release can be read here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights