Description
Apple released security update to fix two zero-day vulnerabilities CVE-2021-30860 and CVE-2021-30858. The attacker can exploit these vulnerabilities by sending a maliciously crafted PDF which could led to arbitrary code execution on the targeted system. CVE-2021-30860: The Integer Overflow vulnerability exists in CoreGraphics which could allow the threat actors to create malicious PDF documents that execute commands when accessed by the targeted victim.
CVE-2021-30858: The Use after free vulnerability exist in WebKit which could allow the threat actors to create maliciously crafted web page that execute commands when accessed by the targeted victim.
Users of the below products are advised to review the security update pages:
macOS Big Sur 11.6
macOS Catalina
watchOS 7.6.2
iOS 14.8 and iPadOS 14.8
Safari 14.1.2
Recommendation
It is recommended to update apple devices to their latest available version.
Reference
https://support.apple.com/en-us/HT212804
https://support.apple.com/en-us/HT212805
https://support.apple.com/en-us/HT212806
https://support.apple.com/en-us/HT212807
https://support.apple.com/en-us/HT212808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860
https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve
