Earlier this week, Apple released iOS 14.5.1 and macOS Big Sur 11.3.1 with an important security update that fixed a serious WebKit exploit. Today the company released Safari 14.1 for users running macOS Catalina and macOS Mojave, which also fixes the exploit that had been being used for malicious web content.
As Apple detailed earlier this week, the exploit found in WebKit had been exploited to execute arbitrary code on a user’s device without consent.
As the security breach has already been fixed for users running iOS 14 and macOS Big Sur, Apple has now released a Safari update with the same security improvements for users running macOS Catalina and macOS Mojave.
It’s worth remembering that the same exploit was also fixed on older iPhone and iPad models with iOS 12.5.1, which was released earlier this week to all users.
WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30665: yangkang (@dnpushme)&zerokeeper&bianliang of 360 ATA
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30663: an anonymous researcher
You can update Safari by going to the Software Update menu in the System Preferences app on your Mac. More information about Safari 14.1 security updates can be found in this support article on Apple’s website.