Apple has released updates to its operating systems that fix some of the leaks in WebKit. The zero days may have been misused, the manufacturer acknowledges. These are updates for iOS, iPadOS, macOS and watchOS.
Little is known about the leaks. Apple calls in the changelog some CVE numbers, CVE-2021-30665 on CVE-2021-30663, but no information is available on this yet. The security researcher named by Apple also lists a third CVE number, namely CVE-2021-30661 and also promises to release more details later.
Apple says one leak is a memory corruption leak, while the other is an integer overflow. Both leaks are in WebKit, Safari’s rendering engine and much of the web’s content in apps. The manufacturer recommends that all users update as there are indications that the leaks are being actively exploited.
It’s about iOS on iPadOS 14.5.1 for the iPhone 6s, iPad Air 2 and later, but for older iPhones, iPads and the iPod touch is also iOS 12.5.3 came out with the same fixes. On Macs it is about macOS Big Sur 11.3.1 and at the Watch watchOS 7.4.1.
–