Plus: Micro-op CPU caches abused to leak data, and more Share
Copy
In Brief Apple on Monday patched security flaws in its software said to have been exploited in the wild by miscreants to hijack gear.
WebKit, fixed in macOS Big Sur 11.3.1, can be tricked into executing arbitrary code by processing malicious web content – a bad webpage can take over the browser, in other words. Apple is aware of a report that this issue may have been actively exploited, it said in its advisory.
Specifically, there are two bugs: memory corruption flaw CVE-2021-30665, which was found by a trio at 360 ATA, and an integer overflow issue CVE-2021-30663, credited to an anonymous researcher. The same holes are fixed in iOS 14.5.1 and iPadOS 14.5.1, and the memory corruption problem is addressed in watchOS 7.4.1.