Apple issues security update for WebKit flaws
Latest in cybersecurity.
Apple released a series of security updates Monday to counter hackers actively exploiting two flaws affecting some later-generation iPhones, as well as a whole host of iPad and iPod models.
The update includes a fix for one of the flaws, a memory corruption issue, would have allowed hackers to arbitrarily execute code on victim devices, Apple said.
The other flaw that Apple fixed would have allowed external actors to execute arbitrary code, too.
Both of the issues affected WebKit, Apple’s web browser engine.
Apple acknowledged that there are reports that hackers have been exploiting both issues in the wild to hack victims’ devices. Apple does not identify which hackers have been taking advantage of the vulnerabilities.
It’s just the latest vulnerability cleanup Apple has had to grapple with in the past several months. Last week Apple pushed a security update that addressed a logic bug that made it so hackers could target users with malicious applications in a way that bypassed Apple’s security protections. Researchers also recently found hackers targeting Apple developers with malware as well as a flaw that was leaking email addresses from Apple’s AirDrop.
The models impacted by Monday’s security fixes include all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini4 and later, 7th generation iPod touch and iPhone 6s and later.
Apple also released updates Monday that would patch for a buffer overflow issue and a use-after-free issue, which is a kind of memory corruption bug.
via CyberScoop https://ift.tt/2hq4cKh
May 3, 2021 at 02:54PM