Apple released security update to fix two zero-day vulnerabilities CVE-2021-30860 and CVE-2021-30858. The attacker can exploit these vulnerabilities by sending a maliciously crafted PDF which could led to arbitrary code execution on the targeted system. CVE-2021-30860: The Integer Overflow vulnerability exists in CoreGraphics which could allow the threat actors to create malicious PDF documents that execute commands when accessed by the targeted victim.
CVE-2021-30858: The Use after free vulnerability exist in WebKit which could allow the threat actors to create maliciously crafted web page that execute commands when accessed by the targeted victim.
Users of the below products are advised to review the security update pages:
macOS Big Sur 11.6
iOS 14.8 and iPadOS 14.8
It is recommended to update apple devices to their latest available version.