Apple patches iOS 12 after hackers exploit WebKit Engine flaws

The emergency patch addresses two bugs abused to launch remote code execution attacks

Apple has released an out-of-band security fix to address two zero-day vulnerabilities in iOS 12.5.3 that hackers are actively exploiting to launch remote code execution attacks. 

The two flaws under scrutiny are CVE-2021-30761 and CVE-2021-30762, which both lie in the open source WebKit browser rendering engine used by Apple to power Safari, as well as all iOS web browsers. It’s also used by many other apps across the Apple ecosystem on various devices.

Apple has patched these two flaws with iOS version 12.5.4, alongside a fix for a memory corruption issue in the ASN.1 decoder, tracked as CVE-2021-30737. Abstract Syntax Notation One, or ASN.1, is a standard interface language for defining data structures that can be serialised and deserialised in a cross-platform way.

The first of the two WebKit flaws, CVE-2021-30761, is also a memory corruption issue that can be exploited to execute code remotely when processing malicious web content. 

The second, CVE-2021-30762, is a use-after-free issue that can also be exploited to launch remote code execution attacks when processing malicious content. 

They’ve been fixed with “improved state management” and “improved memory management” respectively.  

These two are only the latest flaws to affect Apple’s WebKit browser engine that hackers have exploited since the start of the year. In total, Apple has patched seven WebKit-related flaws since January 2021, across various devices. 

WebKit, alongside its use in Safari, is also used in various iOS, macOS, watchOS and Apple TV apps and services. 

The latest version of Safari released in April brought with it a host of new WebKit features, APIs, performance improvements and better compatibility for web developers. For example, Safari 14.1 now supports a media encoder as well as date and time inputs on macOS. 

Support for the AudioWorklets technology, a web standard that optimises audio processing in the browser, however, brought with it a glaring security issue.

Researchers with Theori reported that a bug in the implementation of this feature made it possible to use the technology to get Safari and other WebKit-based browsers to run arbitrary code. Although the WebKit developers fixed the bug, Apple’s Safari developers didn’t bake this fix into the web browser on iOS or macOS.
