13.09.2021 Apple Updates Address Two Currently Exploited Vulnerabilities

by Elena Lapina

On 13 September 2021, Apple released security updates to address two actively exploited vulnerabilities. We recommend applying the latest updates as soon as possible.

Details

  • Both vulnerabilities require a victim user to open a web page or a document crafted by a threat actor for an execution to be successful.
    • The first issue, tracked as CVE-2021-30860, is a an integer overflow flaw affecting Core Graphics, Apple’s vector drawing framework. Processing a maliciously crafted PDF may lead to arbitrary code execution.
    • The second flaw, CVE-2021-30858, is a use-after-free issue in WebKit, a browser engine used in Safari and iOS web browsers. Processing maliciously crafted web content may lead to arbitrary code execution.
  • The following updates in Apple products would need to be applied to fix these vulnerabilities:
    • 2021-005 Catalina
    • macOS Big Sur 11.6
    • Safari 14.1.2
    • watchOS 7.6.2
    • iOS 14.8
    • iPadOS 14.8

Recommendations

  • If you are using any of the vulnerable Apple products, ensure you have the latest updates installed.
  • Check for and install software updates on your device manually by going to Settings > General > Software Update.

References 

 

Request Demo

Fill out the form and we will send you details about our demo.