image credit: freepik
Apple this week issued out-of-band updates for mobile customers to patch two zero-day vulnerabilities that let attackers execute remote code on their iDevices. The Cupertino-based tech giant says criminals “may” have already exploited the flaws.
Available for most iDevices in circulation, iOS 14.5.1 (and the complementary iPadOS 14.5.1) fixes a critical memory corruption issue in the Safari WebKit engine where “processing maliciously crafted web content may lead to arbitrary code execution,” according to the advisory. The vulnerability is tracked as CVE-2021-30665 and was reported to Apple by three security researchers, nicknamed yangkang, zerokeeper and bianliang.
Comments are closed.
