On 13 September 2021, Apple released security updates to address two actively exploited vulnerabilities. We recommend applying the latest updates as soon as possible.
Both vulnerabilities require a victim user to open a web page or a document crafted by a threat actor for an execution to be successful.
The first issue, tracked as CVE-2021-30860, is an integer overflow flaw affecting Core Graphics, Apple's vector drawing framework. Processing a maliciously crafted PDF may lead to arbitrary code execution.
The second flaw, CVE-2021-30858, is a use-after-free issue in WebKit, a browser engine used in Safari and iOS web browsers. Processing maliciously crafted web content may lead to arbitrary code execution.
The following updates in Apple products would need to be applied to fix these vulnerabilities:
macOS Big Sur 11.6
If you are using any of the vulnerable Apple products, ensure you have the latest updates installed.
Check for and install software updates on your device manually by going to Settings > General > Software Update.