Apple Zero-Day – Cybersecurity Advisory

4th May 2021 | Blog Apple Zero-Day – Cybersecurity Advisory


Apply Apple Update Now

May 4th, 2021: Apple has released IOS updates for 4 critical issues that impact all Mac, iOS, iPad, and Watch products. “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”  In simpler words, that means a “drive-by, web-based zero-day RCE exploit.

What to do?

Don’t delay. Update today!  Apple has acknowledged they have found cases where hackers are using these exploits already. It’s very important that you install these updates today.

iPhones, iWatches, iPads

Go to Settings > General > Software Update.

MacBooks or iMacs

Go to Apple menu > System Preferences > Software Update.

If you’re already up to date, then the device will say so when you try to update. 

The latest versions to look out for at the time of this article (May 4th, 2021 – 3:45PM EST) are: iOS 12.5.3iOS/iPadOS 14.5.1watchOS 7.4.1 and macOS 11.3.1.

The Bugs
  • CVE-2021-30665: A memory corruption issue was addressed with improved state management.
  • CVE-2021-30663: An integer overflow was addressed with improved input validation.
  • CVE-2021-30661: A use after free issue was addressed with improved memory management.
  • CVE-2021-30666: A buffer overflow issue was addressed with improved memory handling.
Sources
NakedSecurity – Apple Security Advisory

Zero Day – Cybrary Term

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Urgency, Emotion, Authority: How One Scammer Almost Got Inside a CPA Firm

Urgency, Emotion, Authority: How One Scammer Almost Got Inside a CPA Firm

Tax season keeps accountants busy, and it keeps scammers busy too. Early this summer, a CPA firm became the...

Read more
The Ransomware an AI Model Built Without Trying

The Ransomware an AI Model Built Without Trying

Researchers went looking for a fake photo upscaler and found something stranger: a ransomware kit an AI model...

Read more
CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...

Read more