Apple Release Urgent Patches for two Zero-Day Flaws

  • CERT Admin
  • Wed Jun 16 2021
  • Alerts

 Overview 

Apple has released a security patch for 2 zero-day flaws, allowing an attacker to perform remote code execution on a target system.  

Description 

The latest patch released by Apple has addressed 3 security bugs, including memory corruption issue in ASN.1 Decoder (CVE-2021-30737) and two flaws concerning the Webkit browser engine that could achieve remote code execution. 

● CVE-2021-30761 

 A memory corruption issue that allows an attacker to perform arbitrary code execution. 

● CVE-2021-30762 

A use-after-free issue that could be exploited to perform arbitrary code execution.  

  

Impact 

● Exposing sensitive information to unauthorized parties 

● Malware infection 

● Execute of unwanted/malicious programs/codes 

● Unauthorized access 

  

Solution/ Workarounds 

● Install the latest patch released by Apple   

  

Reference 

● https://support.apple.com/en-us/HT212146 

● https://thehackernews.com/2021/06/apple-issues-urgent-patches-for-2-zero.html 

  

Disclaimer 

The information provided herein is on an "as is" basis, without warranty of any kind.

Last updated: Wed Jun 16 2021