Apple just released a new patch for its older devices running iOS 12, fixing 3 security vulnerabilities. The first vulnerability, listed as CVE-2021-30737 and described as a memory corruption issue in a decoder, was already fixed in the iOS 14.6 update, so if you have that update you don't need to worry about it.
However, the other 2 vulnerabilities patched in this release are in WebKit and are currently being exploited in the wild. WebKit is the engine that powers website rendering for Safari, all 3rd party browsers (e.g. Firefox, Chrome, Brave) on iOS, and just about any app that renders webpages in the app.
Hopefully we’ll see an update to either iOS 14.6.1 or 14.7 soon, but in the meantime update any devices still running iOS 12 and be mindful of what you do in iOS 14.
The full patch notes are as follows:
Security
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
CVE-2021-30737: xerub
WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30761: an anonymous researcher
WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30762: an anonymous researcher
[…] at most behind the release of the actual updates. At the moment it means we have no confirmation if the fixes in iOS 12.5.4 have been ported to iOS 14 or not. We also don’t know if these patches fixed the recently […]