Home > Cyber News > CVE-2021-30665 and CVE-2021-30663 in macOS Big Sur Exploited in the Wild

CVE-2021-30665 and CVE-2021-30663 in macOS Big Sur Exploited in the Wild

CVE-2021-30665 and CVE-2021-30663 -apple-sensorstechforum
This week, Apple addressed a couple of security flaws that have been exploited in the wild. The vulnerabilities, known as CVE-2021-30665 and CVE-2021-30663 affect WebKit in macOS Big Sur.

What Is CVE-2021-30665?

The vulnerability is a memory corruption issue that was fixed with improved state management. What’s the impact of the flaw? By processing maliciously crafted web content, hackers could create conditions for arbitrary code execution. Reports indicate that the vulnerability has been used in actual attacks against owners of Macs.

What Is CVE-2021-30663?

The vulnerability is an integer overflow issue, which Apple fixed with improved input validation. The impact of the vulnerability is the same as with the previous flaw – by utilizing maliciously crafted web content, attackers could perform arbitrary code execution. According to Apple’s advisory, there are indications of active exploits in the wild based on CVE-2021-30663.

More information is available in the official advisory.

Other Recent Vulnerabilities Fixed by Apple

Last month, apple fixed a critical AirDrop vulnerability. A team of researchers from the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) at TU Darmstadt discovered a severe privacy weakness in Apple’s wireless file-sharing protocol. The vulnerability could expose a user’s contact information, including email address and phone number.

AirDrop is used by Apple users to share files with each other but it turns out that complete strangers (threat actors included) can tap into the process. Everything that is needed to exploit the weakness is a wi-fi-enabled device and physical proximity to the target, the researchers warned.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree