Apple issues security update for WebKit flaws

There are reports hackers have been exploiting the bugs.
Apple iPhone 12 release
The Apple Store on George Street in Sydney, Australia. (James D. Morgan/Getty Images)

Apple released a series of security updates Monday to counter hackers actively exploiting two flaws affecting some later-generation iPhones, as well as a whole host of iPad and iPod models.

The update includes a fix for one of the flaws, a memory corruption issue, would have allowed hackers to arbitrarily execute code on victim devices, Apple said.

The other flaw that Apple fixed would have allowed external actors to execute arbitrary code, too.

Both of the issues affected WebKit, Apple’s web browser engine.


Apple acknowledged that there are reports that hackers have been exploiting both issues in the wild to hack victims’ devices. Apple does not identify which hackers have been taking advantage of the vulnerabilities.

It’s just the latest vulnerability cleanup Apple has had to grapple with in the past several months. Last week Apple pushed a security update that addressed a logic bug that made it so hackers could target users with malicious applications in a way that bypassed Apple’s security protections. Researchers also recently found hackers targeting Apple developers with malware as well as a flaw that was leaking email addresses from Apple’s AirDrop.

The models impacted by Monday’s security fixes include all iPad Pro models, iPad Air 2 and later, iPad 5th generation and later, iPad mini4 and later, 7th generation iPod touch and iPhone 6s and later.

Apple also released updates Monday that would patch for a buffer overflow issue and a use-after-free issue, which is a  kind of memory corruption bug.

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts