Apple devices under attack — update your Mac, iPhone, iPad and Apple Watch now

Purple iPhone 12
(Image credit: Future)

Apple on Monday (May 3) pushed out emergency patches to macOS, iPadOS, watchOS and two different versions of iOS to fix four flaws in WebKit, the rendering engine that unlies the Safari web browser.

Macs are pushed up to macOS Big Sur 11.3.1. Apple Watch goes up to watchOS 7.4.1. Newer iPhones and iPads get iOS/iPadOS 14.5.1, while older iPhones and iPads (going back to 2013's iPhone 5s, iPad Air and iPad mini 2) get iOS 12.5.3

Install these updates when you receive them, because for each flaw, the company states that "Apple is aware of a report that this issue may have been actively exploited."

In each case, Apple says, "processing maliciously crafted web content may lead to arbitrary code execution." In plain English, that means web pages could be built to remotely hack your Mac, iPhone, iPad or Apple Watch.

Three of the four flaws — assigned catalog numbers CVE-2021-30661, 30665 and 30666 — were credited to Chinese researchers Yang Kang (aka "@dnpushme"), "zerokeeper" and Bian Liang. Apple gave their affiliation as "360 ATA," which may be part of the Qihoo 360 group. All three flaws had to do with improper handling of running memory.

The fourth vulnerability, CVE-2021-30663, is credited to "an anonymous researcher." That flaw is described only as an "integer overflow." 

The iOS 12.5.3 update patches all four of the flaws. The other updates patch only CVE-2021-30663 & 30665, the remaining two flaws presumably having been fixed by previous system updates.

Apple normally doesn't give much in the way of details about security flaws until well after most users have installed the fixes. 

Apple has had a busy couple of weeks in terms of information security. Last week, the company released macOS 11.3 to fix a very serious flaw that, like these reported today, was already being used by hackers. As with the four disclosed today, that means this is a "zero-day flaw" — so called because defending developers have zero days to patch the flaw before it's exploited in the wild.

Earlier in April, German researchers said that Apple's AirDrop wireless file-sharing protocol could be abused to leak users' contact information to anyone nearby. That flaw does not seem to have been fixed with today's updates.

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
iPhone 16 Pro shown held in hand
Apple just patched its first zero-day flaw of the year — update your iPhone and Mac right now
Apple iPhone 16 held in the hand.
iOS 18.3.1 — update your iPhone right now to fix critical zero-day vulnerability
MacBook Pro 16-inch 2021 sitting on a patio table
Critical macOS flaw puts your data and cameras at risk — update right now
Windows
240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now
A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.
Mac and iPhone users beware — Apple processors can be exploited to steal sensitive information
Latest in Smartwatches
The coolest things the Apple Watch can do
7 best Apple Watch features you're probably not using, but should
Close-up of the Amazfit Active 2 and Apple Watch SE next to each other on a user's wrist
I put the Apple Watch SE vs Amazfit Active 2 through a 7-round face-off — here's the winner
The Apple Watch Series 10 on display at the device's launch in September 2024
Apple Watch sales plummet 19% as smartwatch market declines for first time
apple watch 4
Apple Watch escapes U.S. import ban after court victory in patent case
Apple Watch Ultra 2 on a black silicone strap and Amazfit T-Rex 3 on an orange silicone strap shown side-by-side on a user's wrist
I walked 10,000 steps with Apple Watch Ultra 2 vs Amazfit T-Rex 3 —here's the winner
Close-up of the Amazfit Active 2 on a user's wrist with the maps display shown
I just tested the Amazfit Active 2 — 7 things you should know about my favorite smartwatch under $100
Latest in News
iPhone 17 Air render
New leaked iPhone 17 dummy units show off super-thin iPhone 17 Air with this surprising design tweak
Simone Ashley and Hero Fiennes Tiffin in "Picture This" now streaming on Prime Video
Prime Video top 10 has 3 must-watch movies — including a bubbly romcom starring 'Bridgerton's' Simone Ashley
(L-R) Josh Hartnett as Cooper and Ariel Donoghue as Riley in "Trap"
Netflix top 10 movies — here’s the 3 worth watching right now
iOS 19 logo on an iPhone
Apple WWDC 2025: iOS 19 and everything we know so far
Siri
Siri 2.0 features reportedly only working ‘two-thirds to 80% of the time’
Jack Draper in action at Indian Wells 2025
How to watch Indian Wells men’s and women’s finals: live stream tennis online