15 June 21, 11:59
Quote:Apple issued two out-of-band security fixes for its Safari web browser, fixing zero-day vulnerabilities that “may have been actively exploited,” according to a Monday security bulletin by the company. The bugs affect sixth-generation Apple iPhones, iPads and iPod touch model hardware, released between 2013 and 2018.
“Apple is aware of a report that this issue may have been actively exploited,” the company wrote. Technical details of the two bugs, Apple said, will not be released, “until an investigation has occurred and patches or releases are available.”
Both bugs are tied to Apple’s Safari browser and the underlying iOS code, called WebKit, which is responsible for rendering web pages. Apple is crediting the discovery of both bugs (CVE-2021-30761 and CVE-2021-30762) to an anonymous researcher.
The patch, iOS 12.5.4, is available for download.
Read more: Apple Hurries Patches for Safari Bugs Under Active Attack | Threatpost