Apple has released security updates to fix vulnerabilities in iOS 14.5.1, macOS Big Sur 11.3.1, Safari 14.1, watchOS 7.4.1, and other products under active exploit in the wild
A hacker could exploit some of these vulnerabilities to take control of affected devices.
iOS 14.5.1 and iPadOS 14.5.1
The latest iOS 14.5.1 and iPadOS 14.5.1 security update released on May 3 addressed two Webkit vulnerabilities that could each result in arbitrary code execution:
- CVE-2021-30665: A memory corruption issue was addressed with improved state management.
- CVE-2021-30663: An integer overflow was addressed with improved input validation.
“Apple is aware of a report that this issue may have been actively exploited,” Apple warned in the advisory.
Moreover, Apple released iOS 12.5.3 for older iPhone models: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
macOS Big Sur 11.3.1
Apple also released macOS Big Sur 11.3.1 security update on May 3 that addressed the same vulnerabilities exploited in the wild (CVE-2021-30665 and CVE-2021-30663) fixed in iOS updates previously mentioned.
In addition, the latest Apple Watch 7.4.1 security update on May 3 addressed CVE-2021-30665 exploited in the wild.
The flaw impacts Apple Watch Series 3 and later models.
Finally, the Apple Safari 14.1 security update on May 4 also fixed CVE-2021-30665 exploited in the wild.
The update is available for systems running macOS Catalina and macOS Mojave.
- Apple security updates for iOS 14.5, macOS Big Sur 11.3 and other products (updated)
- XCSSET malware now targets Apple’s macOS 11 and M1-based Macs
- Apple iOS 14.4.2 security update fixes zero-day vulnerability exploited in the wild
- North Korea threat actors use AppleJeus malware to steal cryptocurrency
- Apple releases iOS 14.4 with fixes for 3 zero-days exploited in wild (and other security updates)