macOS, iOS, iPadOS, Safari CVE-2021-1844 Bug : Fix It Now!

macOS, iOS, iPadOS, Safari CVE-2021-1844 Bug : Fix It Now!

Apple just rushed out macOS Big Sur 11.2.3, iOS 14.4.1, iPadOS 14.4.1 and Safari 14.0.3 to patch a critical security bug.

Find out what they fix, and why you need to update your MacBook, iPhone and iPad right away!

 

Apple Rushes Out macOS, iOS, iPadOS, Safari Critical Bug Fixes!

Released on 8 March 2021, macOS Big Sur 11.2.3 patches only one bug, which may mislead users into thinking that it’s not very important.

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

On the same day, Apple also released iOS 14.4.1 and iPadOS 14.4.1 – both patching the same CVE-2021-1844 vulnerability.

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

Apple also released Safari 14.0.3, which patches the same vulnerability for macOS Catalina and macOS Mojave :

WebKit

Available for: macOS Catalina and macOS Mojave

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1844: Clément Lecigne of Google’s Threat Analysis Group, Alison Huffman of Microsoft Browser Vulnerability Research

 

Why Install These macOS, iOS, iPadOS, Safari Bug Fixes ASAP?

While they appear to only patch WebKit in macOS Big Sur, iOS, iPadOS and Safari, they are CRITICAL bug fixes that you need to install right away.

They patch the new CVE-2021-1844 vulnerability, which was discovered by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research.

This vulnerability allows a remote attacker to trigger a buffer overflow when the victim opens a specially-crafted web page, allowing the attacker to execute arbitrary code on the target system.

It is not known if this vulnerability has been exploited yet, but it is critical to install the new updates to prevent that from happening.

 

Recommended Reading

Go Back To > Software | CybersecurityHome

 

Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Leave a Reply