Apple released macOS Big Sur 11.3.1 addressing two security vulnerabilities in WebKit that could allow attackers to execute arbitrary code on Macs.
The roll-out of the new macOS Big Sur 11.3.1 supplemental update kicked off on May 3, 2021. It came in quick succession after version 11.3, which became available last week and brought HomePod integration improvements along with other small enhancements and security patches. The latest release introduces two fixes addressing bugs in WebKit, a browser engine forming the foundation of Safari. This move co-occurred with iOS 14.5.1 and watchOS 7.4.1 updates. According to Apple’s documentation, threat actors may have parasitized both of these flaws in real-world attacks. This could explain the emergency nature of the tweaks, given the unusually short time that elapsed since the previous major release.
What exactly has been fixed?
One of the now-addressed vulnerabilities is tracked as CVE-2021-30665. It is a memory corruption loophole that can be weaponized when an adversary manipulates a user into engaging with malicious crafted web content. When processed in Safari, such dodgy materials call forth a condition in which the attacker can run arbitrary code on the target device behind the scenes. The bug has been remedied via fine-tunings of WebKit state management in macOS Big Sur 11.3.1.
The other security gap is catalogued as CVE-2021-30663. It is an integer overflow vulnerability reported by an anonymous researcher. As is the case with the above flaw, it can underlie arbitrary code execution if exploited by a malefactor with enough skills on their hands. The catalyst for such abuse is web content crafted in a particular way. Apple has now addressed this imperfection by implementing input validation improvements.
Don’t postpone the update
The Cupertino company hasn’t provided additional information regarding other changes brought with Big Sur 11.3.1. That said, this appears to be a security-only update users should apply as soon as possible. To check if it’s already available for installation, head to System Preferences and select Software Update. Note that enhancements like this are deployed gradually across the Mac ecosystem, so it may take some time before they show up in the settings.