Apple has released an out-of-band security fix to address two zero-day vulnerabilities in iOS 12.5.3 that hackers are actively exploiting to launch remote code execution attacks.
The two flaws under scrutiny are CVE-2021-30761 and CVE-2021-30762, both of which lie in the open source WebKit browser rendering engine used by Apple to power Safari, as well as all iOS web browsers. It is also used by many other apps across the Apple ecosystem on various devices.

Apple has patched these two flaws with iOS version 12.5.4, alongside a fix for a memory corruption issue in the ASN.1 decoder, tracked as CVE-2021-30737. Abstract Syntax Notation One, or ASN.1, is a standard interface language for defining data structures that can be serialised and deserialised in a cross-platform way.
The first of the two WebKit flaws, CVE-2021-30761, is also a memory corruption issue that can be exploited to execute code remotely when processing malicious web content.
The second, CVE-2021-30762, is a use-after-free issue that can also be exploited to launch remote code execution attacks when processing malicious content.
They've been fixed with "improved state management" and "improved memory management" respectively.
These two are only the latest flaws to affect Apple's WebKit browser engine that hackers have exploited since the start of the year. In total, Apple has patched seven WebKit-related flaws since January 2021, across several devices.
WebKit, in addition to its use in Safari, is also used in a variety of iOS, macOS, watchOS and Apple TV apps and services.
The latest version of Safari, released in April, brought with it a host of new WebKit features, APIs, performance improvements and improved compatibility for web developers. For example, Safari 14.1 now supports a media encoder as well as date and time inputs on macOS.
Support for the AudioWorklets technology, a web standard that optimises audio processing in the browser, however, brought with it a glaring security issue.
Researchers with Theori noted that a bug in the implementation of this feature made it possible to use the technology to get Safari and other WebKit-based browsers to run arbitrary code. Even though the WebKit developers fixed the bug, Apple's Safari developers did not bake this into the web browser on iOS or macOS.
Some parts of this article are sourced from:
www.itpro.co.uk