Apple has released a new update to patch two zero-day vulnerabilities that allowed attackers to execute malicious code to attack iPhones, iPads, iPods, macOS, and Apple Watch devices.

This update also resolved a bug that prevented users from seeing App Tracking Transparency prompts within apps.

Both vulnerabilities reside in Webkit, a browser engine that renders Web content in Safari, Mail, App Store, and other select apps running on iOS, macOS, and Linux. CVE-2021-30663 and CVE-2021-30665, as the zero-day is tracked, have now been patched. Last week, Apple fixed CVE-2021-30661, another code-execution flaw in iOS Webkit, that also might have been actively exploited.

Buy Me A Coffee

“Processing maliciously crafted web content may lead to arbitrary code execution,” Apple said in its security notes, referring to the flaws. “Apple is aware of a report that this issue may have been actively exploited.” MacOS 11.3.1, which Apple also released on Monday, also fixed CVE-2021-30663 and CVE-2021-30665.

READ
Spotify Experiences Brief Outage, Now Resolved