Apple is rolling out fixes for a high-severity vulnerability in its WebKit browser engine that, if exploited, could allow remote attackers to completely compromise affected systems.

The mobile giant released security updates on Monday for the flaw, for its Safari browser, as well as devices running macOS, watchOS and iOS. The bug (CVE-2021-1844) ranks 7.7 out of 10 on the CVSS vulnerability-severity scale, making it high-severity. An exploit would allow an attacker to remotely execute code and ultimately take over the system.

Apple on Monday urged affected device users to update as soon as possible: “Keeping your software up-to-date is one of the most important things you can do to maintain your Apple product’s security,” said the company.

The WebKit browser engine was developed by Apple for use in its Safari web browser – however, it is also used by Apple Mail, the App Store, and various apps on the macOS and iOS operating systems.

The vulnerability stems from a memory-corruption issue in WebKit; this type of bug occurs when the contents of a memory location are modified in a way that exceeds the intention of the original program/language constructs – allowing attackers to execute arbitrary code. In the case of this specific flaw, if WebKit processes specially crafted, malicious web content, it could lead to successful exploitation, according to Apple.

In a real-world attack, “a remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system,” according to an advisory.

Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research were credited with discovering the flaw.

What Apple Devices Are Affected?

Apple pushed the updates out across a variety of devices. Updates are available via macOS Big Sur 11.2.3; watchOS 7.3.2 (for the Apple Watch series 3 or later); and iOS 14.4.1 and iPadOS 14.4.1 (for the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation).

Security fixes are also available via Safari 14.0.3 for macOS Catalina and macOS Mojave: “After installing this update, the build number for Safari 14.0.3 is 14610.4.3.1.7 on macOS Mojave and 15610.4.3.1.7 on macOS Catalina,” noted Apple. Apple users can visit this page to learn how to update their devices.

It’s only the latest bug to be found in WebKit: Apple in January released an emergency update that patched three recently discovered bugs in iOS. Two of these – CVE-2021-1870 and CVE-2021-1871 – were discovered in WebKit (while the third, tracked as CVE-2021-1782, was found in the OS kernel). The WebKit vulnerabilities are both logic issues that the update addresses with improved restrictions, according to Apple. Exploiting these flaws would allow a remote attacker “to cause arbitrary code execution,” the company said.