• Rachel Hanlon

Patch your iPhones and iPads now – Urgent security update from Apple blocks zero-day exploit

Description

Apple has released security updates to fix two zero-day vulnerabilities, CVE-2021-30860 and CVE-2021-30858. An attacker can exploit these vulnerabilities by sending a maliciously crafted PDF, which could lead to arbitrary code execution on the targeted system.

CVE-2021-30860: An integer overflow vulnerability exists in CoreGraphics which could allow threat actors to create malicious PDF documents that execute commands when accessed by the targeted victim.

CVE-2021-30858: A use-after-free vulnerability exists in WebKit which could allow threat actors to create a maliciously crafted web page that executes commands when accessed by the targeted victim.


Users of the below products are advised to review the security update pages:

  • macOS Big Sur 11.6

  • macOS Catalina

  • watchOS 7.6.2

  • iOS 14.8 and iPadOS 14.8

  • Safari 14.1.2

Recommendation

It is recommended to update Apple devices to their latest available version.

Reference

  • https://support.apple.com/en-us/HT212804

  • https://support.apple.com/en-us/HT212805

  • https://support.apple.com/en-us/HT212806

  • https://support.apple.com/en-us/HT212807

  • https://support.apple.com/en-us/HT212808

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860

  • https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve



