This week, Apple addressed two security flaws that have been exploited in the wild. The vulnerabilities, tracked as CVE-2021-30665 and CVE-2021-30663, affect WebKit in macOS Big Sur.
What Is CVE-2021-30665?
The vulnerability is a memory corruption issue that was fixed with improved state management. What is the impact of the flaw? By getting a victim to process maliciously crafted web content, attackers could achieve arbitrary code execution. Reports indicate that the vulnerability has been used in actual attacks against Mac owners.
What Is CVE-2021-30663?
The vulnerability is an integer overflow issue, which Apple fixed with improved input validation. The impact of the vulnerability is the same as with the previous flaw – by using maliciously crafted web content, attackers could achieve arbitrary code execution. According to Apple’s advisory, there are indications that CVE-2021-30663 has been actively exploited in the wild.
More information is available in the official advisory.
Other Recent Vulnerabilities Fixed by Apple
Last month, Apple fixed a critical AirDrop vulnerability. A team of researchers from the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) at TU Darmstadt discovered a severe privacy weakness in Apple’s wireless file-sharing protocol. The vulnerability could expose a user’s contact information, including their email address and phone number.
AirDrop is used by Apple users to share files with each other, but it turns out that complete strangers (threat actors included) can tap into the process. All that is needed to exploit the weakness is a Wi-Fi-enabled device and physical proximity to the target, the researchers warned.