(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
On March 8, Apple Inc urged users to update their software across their devices, explaining, “Keeping your software up-to-date is one of the most important things you can do to maintain your Apple product’s security,” on its security updates page.
Apple’s WebKit experienced “a memory corruption issue” that has been addressed “with improved validation.” Said error saw “processing maliciously crafted web content may lead to arbitrary code execution.”
WebKit is a C++ browser engine, developed by Apple for use in its Safari web browser. The tool is also used by Apple Mail, the App Store, and various apps on the macOS and iOS operating systems, which explains the urgency of the situation.
According to CyberSecurity Help’s vulnerability database, this type of bug (CVE-2021-1844 — reported by Clément Lecigne of Google’s Threat Analysis Group, and Alison Huffman of Microsoft Browser Vulnerability Research) “exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.” Cybersecurity Help adds, “This vulnerability can be exploited by a remote non-authenticated attacker via the Internet,” but also points out “We are not aware of malware exploiting this vulnerability.”
Apple, as a company “doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available.”
Apple users can head to their Settings > General > Software Update to initiate the update if it has not happened yet. The update has been made available for users with devices running macOS Big Sur, and Safari on macOS Catalina and macOS Mojave, Apple Watch Series 3 and later, iPhone 6s and later, as well as iPad Air 2 and later, iPad mini 4 and later, and even iPod touch (7th generation).
