Along with iOS and watchOS, Apple has released a point upgrade to macOS to urgently fix flaws in WebKit.
The change-log for macOS Big Sur 11.3.1 notes the update ‘provides important security updates’ to the platform; that is, it addresses the aforementioned WebKit security problems.
Apple has confirmed that the WebKit flaws are a memory corruption issue and an integer overflow, both of which could be exploited through malicious web content. Apple also notes reports of the flaws being actively exploited. Hacker News’ Ravie Lakshmanan sums up:
“CVE-2021-30663: An integer overflow vulnerability that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addressed with improved input validation.
“CVE-2021-30665: A memory corruption issue that could be exploited to craft malicious web content, which may lead to code execution. The flaw was addressed with improved state management.”
While no company wants to see zero-day bugs in an operating system release, Apple’s centralised ability to roll out updates in a timely fashion has allowed it to react to the discovery. With the flaw being part of the WebKit browser engine – which is at the heart of Safari – this is not just a recommended update, but one that should be considered as urgent.
macOS users can manually update their OS from the System Preferences menu option found under the Apple Menu. Selecting the Software Update option will allow users to install an update if one is available. Users can also allow the OS to automatically install future updates in the background.
More details and guides on updating macOS can be found on Apple’s Support Pages.