Apple Release Urgent Patches for two Zero-Day Flaws

Tags: English. Risk Level: Medium.

Overview

Apple has released a security patch for 2 zero-day flaws, allowing an attacker to perform remote code execution on a target system.

Description

The latest patch released by Apple has addressed 3 security bugs, including memory corruption issue in ASN.1 Decoder (CVE-2021-30737) and two flaws concerning the Webkit browser engine that could achieve remote code execution.

✻ CVE-2021-30761

A memory corruption issue that allows an attacker to perform arbitrary code execution.

✻ CVE-2021-30762

A use-after-free issue that could be exploited to perform arbitrary code execution.

Impact

✻ Exposing sensitive information to unauthorized parties

✻ Malware infection

✻ Execute of unwanted/malicious programs/codes

✻ Unauthorized access

Solution/ Workarounds

✻ Install the latest patch released by Apple

Reference

Disclaimer

The information provided herein is on an “as is” basis, without warranty of any kind.