Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices [thehackernews]

Apple has released out-of-band patches for iOS, macOS, watchOS, and the Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.

Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research.

According to the update notes posted by Apple, the flaw stems from a memory corruption issue that could lead to arbitrary code execution when processing specially crafted web content. The company said the problem was addressed with “improved validation.”

The update is available for devices running iOS 14.4, iPadOS 14.4, macOS Big Sur, and watchOS 7.3.1 (Apple Watch Series 3 and later), and as an update to Safari for MacBooks running macOS Catalina and macOS Mojave.