Active Exploitation of Vulnerabilities in Apple iOS and iPadOS

Published on 04 May 2021

Updated on 27 May 2021

UPDATE: Apple has released a security update to address other vulnerabilities found in iOS and iPadOS products. Users are advised to patch their products to the latest versions (i.e. iOS 14.6 and iPadOS 14.6) immediately. For more information, refer to https://support.apple.com/en-us/HT212528

Apple has released a security update to address two vulnerabilities that are being actively exploited.

The vulnerabilities are:
  • CVE-2021-30663: An integer overflow vulnerability in WebKit that an attacker could potentially trigger on the targeted device when the user visits a website containing malicious exploit code created by the attacker
  • CVE-2021-30665: A buffer overflow vulnerability in WebKit that allows an attacker to potentially trigger memory corruption on the targeted device when the user visits a website containing malicious exploit code created by the attacker

Successful exploitation of the vulnerabilities may lead to arbitrary code execution and compromise of the iOS device.

Users are advised to enable automatic software updates by going to Settings > General > Software Updates > Enable Automatic Updates, or to patch their products to the latest versions immediately:
  • iOS 14.6 and iPadOS 14.6: for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

More information is available here:
https://support.apple.com/en-us/HT212336