Apple Zero-Day – Cybersecurity Advisory

4th May 2021


Apply Apple Update Now

May 4th, 2021: Apple has released iOS updates for 4 critical issues that impact all Mac, iOS, iPad, and Watch products. “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.” In simpler words, that means a “drive-by, web-based zero-day RCE exploit.”

What to do?

Don’t delay. Update today! Apple has acknowledged they have found cases where hackers are using these exploits already. It’s very important that you install these updates today.

iPhones, iWatches, iPads

Go to Settings > General > Software Update.

MacBooks or iMacs

Go to Apple menu > System Preferences > Software Update.

If you’re already up to date, then the device will say so when you try to update. 

The latest versions to look out for at the time of this article (May 4th, 2021 – 3:45PM EST) are: iOS 12.5.3, iOS/iPadOS 14.5.1, watchOS 7.4.1 and macOS 11.3.1.
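For anyone responsible for more than one device, the same check can be run over an inventory export. The script below is an added example, not part of the original advisory: the CSV layout and device names are constructed, and the version floors are the ones listed above. It assumes a later major release carries the fixes, and that a device on a branch with no listed version (for example iOS 13) still needs to update.

```python
import csv
import io

# Patched versions as listed in the advisory (May 4th, 2021).
PATCHED = {
    "iOS": [(12, 5, 3), (14, 5, 1)],
    "iPadOS": [(14, 5, 1)],
    "watchOS": [(7, 4, 1)],
    "macOS": [(11, 3, 1)],
}

def parse_version(text):
    """Turn '14.5' into (14, 5, 0) so tuples compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version):
    floors = PATCHED.get(platform)
    if floors is None:
        return "unknown-platform"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable-version"
    # Same major branch as a listed fix: compare against that branch's floor.
    for floor in floors:
        if v[0] == floor[0]:
            return "ok" if v >= floor else "update-needed"
    # Assumption: a newer major release includes the fixes; anything else
    # (older or in-between branches with no listed fix) is flagged.
    return "ok" if v[0] > max(floors)[0] else "update-needed"

# Constructed sample inventory (hypothetical device names).
INVENTORY_CSV = """device,platform,version
store-ipad-01,iPadOS,14.5
exec-iphone-02,iOS,14.5.1
legacy-iphone-03,iOS,12.5.2
legacy-iphone-04,iOS,12.5.3
old-iphone-05,iOS,13.7
front-desk-imac,macOS,11.3
design-mbp,macOS,11.3.1
ops-watch-01,watchOS,7.4
"""

def audit(csv_text):
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: status(r["platform"], r["version"]) for r in rows}

if __name__ == "__main__":
    for device, result in audit(INVENTORY_CSV).items():
        print(f"{device:18} {result}")
```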

The Bugs

  • CVE-2021-30665: A memory corruption issue was addressed with improved state management.
  • CVE-2021-30663: An integer overflow was addressed with improved input validation.
  • CVE-2021-30661: A use after free issue was addressed with improved memory management.
  • CVE-2021-30666: A buffer overflow issue was addressed with improved memory handling.

Sources

NakedSecurity – Apple Security Advisory

Zero Day – Cybrary Term
