Home > Cyber News > CVE-2021-30665 and CVE-2021-30663 in macOS Big Sur Exploited in the Wild
CYBER NEWS

CVE-2021-30665 and CVE-2021-30663 in macOS Big Sur Exploited in the Wild

by   |  Last Update:  |  0 Comments  

CVE-2021-30665 and CVE-2021-30663 -apple-sensorstechforum
This week, Apple addressed a couple of security flaws that have been exploited in the wild. The vulnerabilities, known as CVE-2021-30665 and CVE-2021-30663 affect WebKit in macOS Big Sur.

What Is CVE-2021-30665?

The vulnerability is a memory corruption issue that was fixed with improved state management. What’s the impact of the flaw? By processing maliciously crafted web content, hackers could create conditions for arbitrary code execution. Reports indicate that the vulnerability has been used in actual attacks against owners of Macs.




What Is CVE-2021-30663?

The vulnerability is an integer overflow issue, which Apple fixed with improved input validation. The impact of the vulnerability is the same as with the previous flaw – by utilizing maliciously crafted web content, attackers could perform arbitrary code execution. According to Apple’s advisory, there are indications of active exploits in the wild based on CVE-2021-30663.

More information is available in the official advisory.

Other Recent Vulnerabilities Fixed by Apple

Last month, apple fixed a critical AirDrop vulnerability. A team of researchers from the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) at TU Darmstadt discovered a severe privacy weakness in Apple’s wireless file-sharing protocol. The vulnerability could expose a user’s contact information, including email address and phone number.

AirDrop is used by Apple users to share files with each other but it turns out that complete strangers (threat actors included) can tap into the process. Everything that is needed to exploit the weakness is a wi-fi-enabled device and physical proximity to the target, the researchers warned.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Crypto Airdrop Scams: How to Identify Them and Protect Yourself In this article, we delve into why crypto airdrops are...
  2. How to Spot and Avoid X World Games Airdrop Scam Recently, several instances of scams masquerading as legitimate gaming platforms...
  3. Bitcoin Airdrop Scams: How To Protect Yourself from Phishing Attacks The rise of the cryptocurrency deals with Bitcoin and its...
  4. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  5. The Most Exploited Vulnerabilities in 2021 Include CVE-2021-44228, CVE-2021-26084 Which were the most routinely exploited security vulnerabilities in 2021?...
  6. CVE-2021-30632 and CVE-2021-30633: Chrome Zero-Days Exploited in the Wild Is your Chrome browser up-to-date? Google just released fixes for...
  7. July 2021 Patch Tuesday: Actively Exploited CVE-2021-34448 Fixed Microsoft Windows July 2021 Patch Tuesday just rolled out, patching...
  8. The Most Secure Smartwatches List This is a comprehensive Top 10 list that summarizes the...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree