Various Apple Products Impacted by Security Bugs – Patches Available
The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) says that Apple has released patches for security flaws in macOS Big Sur 11.6, macOS Catalina, watchOS 7.6.2, iOS 14.8, iPad OS 14.8, and Safari 14.1.2.
A security flaw that impacts iOS 14.8 and iPadOS 14.8 and is listed in the Common Vulnerabilities and Exposures as (CVE-2021-30860).
“Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” says Apple.
Another flaw affects iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). This bug exploits maliciously crafted web content that can lead to arbitrary code execution.
Affected models include iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
The updates address vulnerabilitiesCVE-2021-30858 and CVE-2021-30860 as listed below.
macOS Big Sur 11.6 and (CVE-2021-30860) addresses PDF documents that can be maliciously crafted for arbitrary code execution. Apple says that this bug has been exploited by hackers.
macOS Big Sur (CVE-2021-30858) patches malicious web content may lead to arbitrary code execution. Apple says that this security flaw has been exploited by hackers.
For Apple Watch Series 3 and later a security flaw watchOS 7.6.2 (CVE-2021-30860) may also lead to arbitrary code execution and may also already been exploited.
Another flaw addressed by this update impacts Safari 14.1.2. The updates are available for macOS Catalina and macOS Mojave. The vulnerability is listed CVE-2021-30858. Hackers exploiting this security bug may exploit malicious crafted web content.
CISA is a federal agency is an operational component under Department of Homeland Security oversight.