Apple addresses three zero-day flaws in its WebKit browser engine

Apple has released security updates to patch three zero-days in the WebKit, the Apple’s browser engine, and fixed a zero-day exploited in the wild.

Apple released security updates to address four zero-day vulnerabilities impacting WebKit, which is used by multiple products of the IT giant, including iPadOS, tvOS, and watchOS.

The WebKit browser engine is used by multiple products to display web content.

Apple fixed the three suspected WebKit zero-day flaws, tracked as CVE-2021-30663, CVE-2021-30665, and CVE-2021-30666, with the release of macOS Big Sur 11.3.1, iOS 12.5.3, iOS 14.5.1, iPadOS 14.5.1, and watchOS 7.4.1. The company also fixed the fourth issue, tracked as CVE-2021-30661, with the release of iOS 12.5.3. Apple first patched this flaw in iOS, iPadOS, watchOS, and tvOS.

“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” reads the description provided by Apple for all the flaws.

The tech giant did not share technical details about the flaws and how to trigger them.

All the bugs were reported to Apple by researcher @dnpushme from Qihoo 360 ATA.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, WebKit)

[adrotate banner=”5″]

[adrotate banner=”13″]