Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day exploited in the wild.

Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS.

360 Mobile Vision - North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

The WebKit browser engine is used by multiple products to display web content.

Apple fixed the three suspected WebKit zero-day flaws, tracked as CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666, with the release of macOS Big Sur 11.3.1, iOS 12.5.3, iOS 14.5.1, iPadOS 14.5.1, and watchOS 7.4.1. The company also fixed the fourth issue, tracked as CVE-2021-30661, with the release of iOS 12.5.3. Apple first patched this flaw in iOS, iPadOSwatchOS, and tvOS.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the description provided by Apple for all the flaws.

The tech giant did not share technical details about the flaws and how to trigger them.

All the bugs were reported to Apple by researcher @dnpushme from Qihoo 360 ATA.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, WebKit)

The post Apple addresses three zero-day flaws in its WebKit browser engine appeared first on Security Affairs.

By admin