On Monday, Apple released iOS 14.5.1 and macOS Big Sur 11.3.1 with an important security update that fixes a serious WebKit exploit. Now the company has updated Safari 14.1.
Apple has just re-released Safari 14.1 for macOS Catalina and macOS Mojave users, which also fixes the exploit used to deliver malicious web content. As Apple explained yesterday, the vulnerability found in WebKit could be exploited to execute arbitrary code on a user's device without their consent. Since the vulnerability has already been fixed for users with iOS 14 and macOS Big Sur, Apple has now released a Safari update with the same security improvements for users with macOS Catalina and macOS Mojave.
WebKit
- Available for: macOS Catalina and macOS Mojave
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: A memory corruption issue was resolved through improved state management.
- CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang from 360 ATA
WebKit
- Available for: macOS Catalina and macOS Mojave
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- Description: An integer overflow was fixed with improved input validation.
- CVE-2021-30663: An anonymous researcher
The same vulnerability was also fixed on older iPhone and iPad models with iOS 12.5.1, which was also released Monday evening. Affected users can update Safari by visiting the Software Update menu in the System Preferences app on the Mac. For more information about the security updates for Safari 14.1, see this support article on the Apple website. (Photo by Denys Prykhodov / Bigstockphoto)
