Apple devices under attack — update your Mac, iPhone, iPad and Apple Watch now


Apple on Monday (May 3) pushed out emergency patches to macOS, iPadOS, watchOS and two different versions of iOS to fix four flaws in WebKit, the rendering engine that underlies the Safari web browser.

Macs are pushed up to macOS Big Sur 11.3.1. Apple Watch goes up to watchOS 7.4.1. Newer iPhones and iPads get iOS/iPadOS 14.5.1, while older iPhones and iPads (going back to 2013's iPhone 5s, iPad Air and iPad mini 2) get iOS 12.5.3.

Install these updates when you receive them, because for each flaw, the company states that "Apple is aware of a report that this issue may have been actively exploited."

In each case, Apple says, "processing maliciously crafted web content may lead to arbitrary code execution." In plain English, that means web pages could be built to remotely hack your Mac, iPhone, iPad or Apple Watch.

Three of the four flaws — assigned catalog numbers CVE-2021-30661, 30665 and 30666 — were credited to Chinese researchers Yang Kang (aka "@dnpushme"), "zerokeeper" and Bian Liang. Apple gave their affiliation as "360 ATA," which may be part of the Qihoo 360 group. All three flaws had to do with improper handling of running memory.

The fourth vulnerability, CVE-2021-30663, is credited to "an anonymous researcher." That flaw is described only as an "integer overflow." 

The iOS 12.5.3 update patches all four of the flaws. The other updates patch only CVE-2021-30663 and CVE-2021-30665, the remaining two flaws presumably having been fixed by previous system updates.

Apple normally doesn't give much in the way of details about security flaws until well after most users have installed the fixes. 

Apple has had a busy couple of weeks in terms of information security. Last week, the company released macOS 11.3 to fix a very serious flaw that, like those reported today, was already being used by hackers. Like the four disclosed today, that makes it a "zero-day flaw," so called because defending developers have zero days to patch the flaw before it's exploited in the wild.

Earlier in April, German researchers said that Apple's AirDrop wireless file-sharing protocol could be abused to leak users' contact information to anyone nearby. That flaw does not seem to have been fixed with today's updates.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
