Apple on Tuesday released Safari 14.1 for users running macOS Catalina and macOS Mojave, which fixes an exploit that had been used through malicious web content. Earlier this week, Apple released iOS 14.5.1 and macOS Big Sur 11.3.1 with the same WebKit fixes.
As Apple explained earlier this week, the exploit found in WebKit had been used to execute arbitrary code on a user’s device without consent. Apple has now released a Safari update with the same security improvements for users running macOS Catalina and macOS Mojave.
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30663: an anonymous researcher
The same exploit was also fixed on older iPhone and iPad models with the iOS 12.5.1 update, which was also released earlier this week.
Safari can be updated by going to the Software Update menu in the System Preferences app on your Mac. Apple offers a full explanation of the Safari 14.1 security updates in this support article on Apple’s website.