Skip Navigation

July 23, 2021 |

Apple security updates address vulnerabilities in multiple products

Loading table of contents...

This week Apple released security updates to address multiple vulnerabilities in its products. The most critical of these flaws could be exploited to execute arbitrary code. Timely patching is recommended.

Details

  • The updates for macOS Mojave, Catalina, and Big Sur address multiple vulnerabilities that could be exploited to execute arbitrary code.
  • Issues addressed in iOS 14.7 and iPadOS 14.7 include arbitrary code execution, denial-of-service (DOS), bypass of code signing checks and kernel memory mitigations, and information leaks among others.
  • Notably, Apple addressed CVE-2021-30800, a flaw commonly known as WiFiDemon, affecting devices running iOS versions prior to 14.7. The issue was previously misclassified as DOS only. Researchers later found that joining a malicious Wi-Fi network using affected devices may also result in remote code execution with no user interaction required.
  • The fixes also address four memory corruption issues (CVE-2021-30799, CVE-2021-30797, CVE-2021-30795, and CVE-2021-30758) in WebKit that could allow arbitrary code execution via maliciously-crafted Web content.
  • Other notable fixes include:
    • CVE-2021-3518, a remote arbitrary code execution flaw due to an issue in libxml2.
    • CVE-2021-30765, CVE-2021-30766, CVE-2021-30703, and CVE-2021-30793, issues allowing an application to execute arbitrary code with kernel privileges.
    •  CVE-2021-30672, a memory corruption issue in Bluetooth that could allow a malicious application to gain root privileges.

Recommendations

  • If you are using any of the vulnerable Apple products, ensure you have the latest updates installed.
  • Check for and install software updates on your device manually by going to Settings > General > Software Update.

References