| Advisory Type | Vulnerability Intelligence |
| CVE ID | CVE-2021-30657, CVE-2021-30663, CVE-2021-30665, CVE-2021-30666 |
| Vulnerability Type | Remote Code Execution |
| Vulnerable Application | Apple iPhone WebKit Engine |
Adversaries are actively targeting and exploiting zero-day vulnerabilities in iOS. According to the security advisories posted by Apple, critical bugs are present in the WebKit engine, the browser rendering engine used by web browsers such as Safari (iOS) and by other applications that render HTML. When exploited, the publicly disclosed bugs lead to remote code execution on affected systems. A recent zero-day, CVE-2021-30657, enables client-side attack vectors in which malware executes by bypassing Apple’s File Quarantine, Gatekeeper, and Notarization security checks. This bug is actively exploited in the wild by Shlayer malware.
The bug is triggered when the victim visits a malicious website hosted by the threat actor.
Apple patched the zero-day, CVE-2021-30657, which targeted macOS and was exploited in the wild by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks in order to download second-stage malicious payloads.