Apple says iOS 14.5.1 and macOS 11.3.1 patch WebKit flaws that may have been actively exploited
Apple released updates for iPhone, iPad, Mac, and Apple Watch today with multiple security updates. The patched flaws involved malicious web content that could lead to arbitrary code execution – and Apple says they may have been actively exploited.
Apple released iOS 14.5.1 and iOS 12.5.3, macOS 11.3.1, and watchOS 7.4.1 today with the primary changes being security fixes (App Tracking Transparency bug fix for iOS too). So be sure to install the newest updates to get the latest protection.
In support documents, Apple detailed the web flaws that were fixed. The first flaw meant that “Processing maliciously crafted web content may lead to arbitrary code execution.” Memory corruption was at play here and Apple says it fixed the issue with “improved state management.” A second flaw also dealt with the same potential for malicious web content potentially executing arbitrary code and Apple says it also may have been exploited in the wild. On this one, Apple solved the problem with an integer overflow and “improved input validation.”