Overview
Apple has released a security patch for 2 zero-day flaws, allowing an attacker to perform remote code execution on a target system.
Description
The latest patch released by Apple has addressed 3 security bugs, including memory corruption issue in ASN.1 Decoder (CVE-2021-30737) and two flaws concerning the Webkit browser engine that could achieve remote code execution.
✻ CVE-2021-30761
A memory corruption issue that allows an attacker to perform arbitrary code execution.
✻ CVE-2021-30762
A use-after-free issue that could be exploited to perform arbitrary code execution.
Impact
✻ Exposing sensitive information to unauthorized parties
✻ Malware infection
✻ Execute of unwanted/malicious programs/codes
✻ Unauthorized access
Solution/ Workarounds
✻ Install the latest patch released by Apple
Reference
About the security content of iOS 14.4 and iPadOS 14.4
Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.