

The two vulnerabilities, CVE-2021-30761 and CVE-2021-30762, bring the number of WebKit-related zero-days disclosed and patched by Apple this year to nine. Last month, Apple issued emergency patches for other zero-day flaws in WebKit.

According to Monday's security update, CVE-2021-30761 is a memory corruption issue capable of arbitrary code execution when the user processes "maliciously crafted web content," and CVE-2021-30762 is a "use after free issue" also triggered through malicious web content and also capable of arbitrary code execution. Both vulnerabilities were discovered by anonymous researchers. The vulnerabilities impact older iOS devices according to the advisory, including iPhones 5s, 6 and 6 Plus; iPads Air, mini 2 and mini 3; and the 6th generation iPod touch.

A third vulnerability centered around Apple's ASN.1 decoder was fixed in the 12.5.3 update. Like CVE-2021-30761, CVE-2021-30737 is a memory corruption issue caused by the user "processing a maliciously crafted certificate" and is capable of arbitrary code execution. It was found by a security researcher known as "xerub."

The Cybersecurity and Infrastructure Security Agency released an advisory Tuesday about the Apple zero-days and patches, encouraging users and administrators to review the Apple security update and apply the necessary updates.

We contacted Apple for more detail about the zero-days, but the Cupertino, Calif., company declined to comment.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
