On 13 September 2021, Apple released security updates to address two actively exploited vulnerabilities. We recommend applying the latest updates as soon as possible.
- Both vulnerabilities require a victim to open a web page or a document crafted by a threat actor for exploitation to succeed.
- The first issue, tracked as CVE-2021-30860, is an integer overflow flaw affecting Core Graphics, Apple’s vector drawing framework. Processing a maliciously crafted PDF may lead to arbitrary code execution.
- The second flaw, CVE-2021-30858, is a use-after-free issue in WebKit, a browser engine used in Safari and iOS web browsers. Processing maliciously crafted web content may lead to arbitrary code execution.
- The following Apple updates must be applied to fix these vulnerabilities:
  - 2021-005 Catalina
  - macOS Big Sur 11.6
  - Safari 14.1.2
  - watchOS 7.6.2
  - iOS 14.8
  - iPadOS 14.8
- If you are using any of the vulnerable Apple products, ensure you have the latest updates installed.
- Check for and install software updates on your device manually by going to Settings > General > Software Update.