The vulnerabilities may already be under active attack, Apple says in an advisory.
Apple has released several security updates to address vulnerabilities in multiple products including iOS, WatchOS and iPadOS.
Some of the new patches resolve WebKit flaws that can be exploited through "maliciously crafted web content" that could lead to arbitrary code execution, Apple officials write in an alert, noting attackers may already be using these in the wild.
"Apple is aware of a report that this issue may have been actively exploited," the company says in its advisory for WebKit vulnerabilities CVE-2021-30665 and CVE-2021-30663.
The updates address several problems, including buffer overflow and use after free issues on older iOS devices. Other updates patch a memory corruption issue and integer overflow on macOS and iOS.
CISA has also issued an advisory encouraging users and administrators to review the latest Apple security advisories and apply the necessary updates. "An attacker could exploit some of these vulnerabilities to take control of an affected device," the CISA warning says.
Last month, Apple issued a patch for a major security flaw in its newly released macOS 11.3.
The latest Apple advisories can be read here and the CISA release can be read here.
About the Author(s)
You May Also Like
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024