430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Apple fixed 2 WebKit flaws exploited to target older iPhones

Apple released an out-of-band iOS update for older iPhones and iPads and warned that threat actors are actively exploiting two flaws in WebKit. Apple released an out-of-band iOS update ( iOS 12.5.4 patch) for older iPhones and iPad, the IT giant also warned that some vulnerabilities affecting its WebKit may have been actively exploited. WebKit is a browser […]

Apple Signal

Apple released an out-of-band iOS update for older iPhones and iPads and warned that threat actors are actively exploiting two flaws in WebKit.

Apple released an out-of-band iOS update ( iOS 12.5.4 patch) for older iPhones and iPad, the IT giant also warned that some vulnerabilities affecting its WebKit may have been actively exploited.

WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all iOS web browsers.

Apple did not share details of the attacks that targeted older models of Apple iPhone devices.

The iOS 12.5.4 patch addressed at least three vulnerabilities that could be exploited by threat actors to execute arbitrary code on vulnerable devices.

Two of the addressed issues, tracked CVE-2021-30761 and CVE-2021-30762, are memory corruption and use-after-free issues respectively and reside in the WebKit rendering engine. The two flaws could be exploited by tricking owners of devices running iOS 12 into visiting specially crafted web content.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the security advisory published by Apple.

The iOS 12.5.4 fixes the flaws in iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Both issues were reported by an anonymous researcher.

The iOS 12.5.4 also addressed a memory corruption issue in the ASN.1 decoder tracked as CVE-2021-30737. The flaw can be exploited by processing a maliciously crafted certificate to lead to arbitrary code execution.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, iPhones)

[adrotate banner=”5″]

[adrotate banner=”13″]