Apple has released security updates that fix two actively exploited zero-day vulnerabilities in the Webkit engine used by hackers to attack iPhones, iPads, iPods, macOS, and Apple Watch devices.

These vulnerabilities are tracked as CVE-2021-30665 and CVE-2021-30663, and both allow arbitrary remote code execution (RCE) on vulnerable devices simply by visiting a malicious website.

RCE vulnerabilities are considered the most dangerous as they allow attackers to target vulnerable devices and execute commands on them remotely.

The zero-days were addressed by Apple in the iOS 14.5.1, iOS 12.5.3, macOS Big Sur 11.3.1, and the watchOS 7.4.1 updates.

Source: bleepingcomputer.com