
Apple Rolls Out Urgent Patch for Zero-Day Flaws in iOS, macOS and watchOS

Filip TRUȚĂ

September 14, 2021


Apple this week released multiple security updates to address two critical vulnerabilities in iOS, macOS and watchOS. The company says it has received reports that the flaws “may have been actively exploited.”

One of many zero-days found in WebKit this year, CVE-2021-30858 can enable a malicious actor to execute arbitrary code on the target device by “processing maliciously crafted web content.”

CVE-2021-30860, which is nearly identical in nature, describes a flaw in CoreGraphics: “Processing a maliciously crafted PDF may lead to arbitrary code execution,” according to the advisories.

According to the company, researchers have reported that both flaws are being actively exploited.

On the mobile side, the vulnerabilities affect iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

On the desktop side, macOS Big Sur, macOS Catalina and macOS Mojave are all impacted.

Even the wearable branch of Apple’s products is impacted, with CVE-2021-30860 also found in watchOS.

Customers are advised to install iOS 14.8 and iPadOS 14.8 to patch their iDevices. Desktop users are told to update to macOS Big Sur 11.6 or to download Security Update 2021-005 Catalina, depending on their desktop configuration.

Safari 14.1.2 patches CVE-2021-30858 on macOS Catalina and macOS Mojave. After installing this update, users should see the build number for Safari 14.1.2 as 14611.3.10.1.7 on macOS Mojave and 15611.3.10.1.7 on macOS Catalina.

Finally, watchOS 7.6.2 patches CVE-2021-30860 on Apple Watch Series 3 and newer models.

Apple credits The Citizen Lab for finding CVE-2021-30860, only a few weeks after the Toronto-based team published details of a zero-day exploit allegedly used by an Israeli vendor of surveillance solutions.

“Our latest discovery of yet another Apple zero day employed as part of NSO Group’s arsenal further illustrates that companies like NSO Group are facilitating ‘despotism-as-a-service’ for unaccountable government security agencies,” the research team wrote. “Ubiquitous chat apps have become a major target for the most sophisticated threat actors, including nation state espionage operations and the mercenary spyware companies that service them. As presently engineered, many chat apps have become an irresistible soft target.”

Apple users are urged to update their products as soon as possible.

For reference, all affected devices and the advisories for the flaws impacting each product are listed below:

iOS 14.8 and iPadOS 14.8

macOS Big Sur 11.6

macOS Catalina

Safari 14.1.2

watchOS 7.6.2
