Apple fixes vulnerabilities under active exploit (CVE-2021-30663 and CVE-2021-30665)

Apple fixes vulnerabilities under active exploit (CVE-2021-30663 and CVE-2021-30665)

Apple has released security updates to fix vulnerabilities in iOS 14.5.1, macOS Big Sur 11.3.1, Safari 14.1, watchOS 7.4.1, and other products under active exploit in the wild

A hacker could exploit some of these vulnerabilities to take control of affected devices.

iOS 14.5.1 and iPadOS 14.5.1

The latest iOS 14.5.1 and iPadOS 14.5.1 security update released on May 3 addressed two Webkit vulnerabilities that could each result in arbitrary code execution:

  • CVE-2021-30665: A memory corruption issue was addressed with improved state management.
  • CVE-2021-30663: An integer overflow was addressed with improved input validation.

“Apple is aware of a report that this issue may have been actively exploited,” Apple warned in the advisory.

Moreover, Apple released iOS 12.5.3 for older iPhone models: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

macOS Big Sur 11.3.1

Apple also released macOS Big Sur 11.3.1 security update on May 3 that addressed the same vulnerabilities exploited in the wild (CVE-2021-30665 and CVE-2021-30663) fixed in iOS updates previously mentioned.

watchOS 7.4.1

In addition, the latest Apple Watch 7.4.1 security update on May 3 addressed CVE-2021-30665 exploited in the wild.

The flaw impacts Apple Watch Series 3 and later models.

Safari 14.1

Finally, the Apple Safari 14.1 security update on May 4 also fixed CVE-2021-30665 exploited in the wild.

The update is available for systems running macOS Catalina and macOS Mojave.

Related Articles