Apple on Tuesday released a new version of Safari to address a pair of zero-day vulnerabilities in WebKit that it says have been exploited in the wild.
The latest Safari 14.1 update for macOS Catalina and macOS Mojave fixes two WebKit flaws present in Apple’s current generation operating systems, according to a security document released today.
Detailed in a security disclosure Tuesday, the two zero-day vulnerabilities – memory corruption and integer overflow issues – could allow malicious web content to execute arbitrary code on a target device. Apple said it was aware of reports that the bugs were exploited in the wild.
The vulnerabilities are identified as CVE-2021-30665 and CVE-2021-30663.
Apple fixed the same flaws in its release of iOS 14.5.1 and macOS Big Sur 11.3 on Monday.
In addition to the two critical fixes, the current version of Safari 14.1 contains bug fixes and security protections introduced with a separate web browser version released in April.