This week Apple released security updates to address multiple vulnerabilities in its products. The most critical of these flaws could be exploited to execute arbitrary code. Timely patching is recommended.
- The updates for macOS Mojave, Catalina, and Big Sur address multiple vulnerabilities that could be exploited to execute arbitrary code.
- Issues addressed in iOS 14.7 and iPadOS 14.7 include arbitrary code execution, denial-of-service (DOS), bypass of code signing checks and kernel memory mitigations, and information leaks among others.
- Notably, Apple addressed CVE-2021-30800, a flaw commonly known as WiFiDemon, affecting devices running iOS versions prior to 14.7. The issue was previously misclassified as DOS only. Researchers later found that joining a malicious Wi-Fi network using affected devices may also result in remote code execution with no user interaction required.
- The fixes also address four memory corruption issues (CVE-2021-30799, CVE-2021-30797, CVE-2021-30795, and CVE-2021-30758) in WebKit that could allow arbitrary code execution via maliciously-crafted Web content.
- Other notable fixes include:
- CVE-2021-3518, a remote arbitrary code execution flaw due to an issue in libxml2.
- CVE-2021-30765, CVE-2021-30766, CVE-2021-30703, CVE-2021-30793, issues allowing an application to execute arbitrary code with kernel privileges.
- CVE-2021-30672, a memory corruption issue in Bluetooth that could allow a malicious application to gain root privileges.
- The latest versions of Apple products are:
- If you are using any of the vulnerable Apple products, ensure you have the latest updates installed.
- Check for and install software updates on your device manually by going to Settings > General > Software Update.