Apple patches WebKit vulnerabilities in Safari 14.1 update for macOS Catalina, Mojave

article thumbnail

Apple on Tuesday released a new version of Safari to address a pair of zero-day WebKit vulnerabilities that were reportedly exploited in the wild.

The latest Safari 14.1 update for macOS Catalina and macOS Mojave closes two WebKit flaws present in Apple's current-generation operating systems, according to a security document published today.

Detailed in a security disclosure on Tuesday, the two zero-day vulnerabilities — memory corruption and integer overflow issues — could allow malicious web content to execute arbitrary code on a target device. Apple said it was aware of reports that the bugs were exploited in the wild.

The vulnerabilities are identified as CVE-2021-30665 and CVE-2021-30663.

Apple patched the same flaws in its release of iOS 14.5.1 and macOS Big Sur 11.3 on Monday.

Along with the two critical patches, today's version of Safari 14.1 contains bug fixes and security protections introduced with a separate version of the web browser released in April.