430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Apple addresses three zero-day flaws in its WebKit browser engine

Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day exploited in the wild. Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS. The WebKit browser engine is […]

Apple Signal

Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day exploited in the wild.

Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS.

The WebKit browser engine is used by multiple products to display web content.

Apple fixed the three suspected WebKit zero-day flaws, tracked as CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666, with the release of macOS Big Sur 11.3.1, iOS 12.5.3, iOS 14.5.1, iPadOS 14.5.1, and watchOS 7.4.1. The company also fixed the fourth issue, tracked as CVE-2021-30661, with the release of iOS 12.5.3. Apple first patched this flaw in iOS, iPadOSwatchOS, and tvOS.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the description provided by Apple for all the flaws.

The tech giant did not share technical details about the flaws and how to trigger them.

All the bugs were reported to Apple by researcher @dnpushme from Qihoo 360 ATA.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, WebKit)

[adrotate banner=”5″]

[adrotate banner=”13″]