Apple Issues Emergency Patches to Address Severe RCE Vulnerability

  • Apple has released patches for a range of products to address a WebKit vulnerability.
  • Not many details about the flaw have been published, but it is an RCE based on memory corruption.
  • Apple says they have no indication that the flaw is being under active exploitation in the wild.

Apple has released four “out-of-band” patches for iOS and iPadOS, macOS, watchOS, and Safari, addressing a severe vulnerability that was given the identifier “CVE-2021-1844.” The particular flaw was discovered by researcher Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft’s Browser Vulnerability Research team, who reported their findings to Apple immediately.

The flaw is a memory corruption issue that can lead to remote code execution via buffer overflow in WebKit. For this to work, an attacker would need to use a specially crafted web page and trick the victim into opening it, which isn’t anything too demanding.

Successful exploitation of this flaw may result in the complete compromise of the target system. Because of the wide deployment of WebKit, Apple had to release patches that cover a wide range of products.

People are advised to apply the following patches immediately:

Apple claims that they have seen no signs of this vulnerability being under active exploitation, so there’s a good chance that the two researchers were the first to discover the flaw. The risk is still high, and Apple has chosen not to publish any technical details about the vulnerability yet. They will not share much until a thorough investigation has been concluded and the vast majority of the users have applied the available patches.

Based on some expert comments, we can discern that the exploitation would require some user interaction in the sense of downloading something onto the vulnerable device, so this bug may also be exploitable via email attachments of SMS links. Users of iPhone devices should be aware of this possibility and treat all incoming communications with caution.

Of course, everyone should upgrade to iOS 14.4.1 immediately, as this is an emergency security update. As such, it doesn’t threaten to break anything else with the introduction of new features.

REVIEW OVERVIEW

Latest

Is It Okay to Charge iPhone 13, Mini, Pro, or Pro Max Overnight?

Without any doubt, there are plenty of misconceptions about charging iOS devices. That’s even more true now since this year’s iPhones have the...

Is It Okay to Play Games While Charging iPhone 13? 

The iOS App Store offers more than one million games. Your options are practically limitless, with console-like games taking full advantage of iPhone 13’s...

Is It Bad to Use iPhone 13 While Charging? 

The latest iPhone generation comes with the longest battery life yet, managing to provide up to 2.5 extra hours of use. With that said,...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari