Apple Patches Remote Code Execution Bug in WebKit


Tracked as CVE-2021-1844 and co-reported by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research, the flaw was addressed with software updates for macOS, iOS, watchOS, and Safari.

To exploit the vulnerability, an attacker would simply need to craft a webpage containing malicious code and then lure the victim into accessing that webpage, which would trigger code execution on the victim’s machine.

“Processing maliciously crafted web content may lead to arbitrary code execution,” Apple notes. “A memory corruption issue was addressed with improved validation,” the company continues.