SECURITY ALERTS

Two Zero-day Vulnerabilities (CVE-2021-30858, CVE-2021-30860) Exist in iOS

DESCRIPTION:

Two zero-day vulnerabilities (CVE-2021-30858, CVE-2021-30860) exist in macOS, iOS/iPadOS and the Safari web browser.

The first zero-day, CVE-2021-30858, is a use-after-free vulnerability that stems from improper memory handling in WebKit. An attacker can exploit it to execute arbitrary code on vulnerable products.

The second zero-day, CVE-2021-30860, is an integer overflow vulnerability in Apple's image rendering library (CoreGraphics). An attacker can exploit it to run arbitrary code on vulnerable products via a maliciously crafted PDF.

 

AFFECTED RELEASES:

CVE-2021-30858:

macOS Catalina and macOS Mojave: Prior to Safari 14.1.2

macOS Big Sur: Prior to macOS Big Sur 11.6

iPhone 6s and later, and iPod touch (7th generation): Prior to iOS 14.8

iPad Pro (all models), iPad Air 2, iPad 5th generation and later, iPad mini 4 and later: Prior to iPadOS 14.8

 

CVE-2021-30860:

macOS Catalina: Prior to Security Update 2021-005 Catalina

macOS Big Sur: Prior to macOS Big Sur 11.6

Apple Watch Series 3 and later: Prior to watchOS 7.6.2

iPhone 6s and later, and iPod touch (7th generation): Prior to iOS 14.8

iPad Pro (all models), iPad Air 2, iPad 5th generation and later, iPad mini 4 and later: Prior to iPadOS 14.8

 

SOLUTION:

Users and system administrators of affected products are advised to apply the security updates immediately from the following URL:

https://support.apple.com/en-us/HT201222
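
To find which devices in an inventory still need these updates, the affected-release list can be turned into a version check. The following is an added example, not part of the original advisory: it compares reported OS and Safari versions against the fixed versions listed above. The record fields (`platform`, `os_version`, `safari_version`), the status labels and the sample hosts are assumptions.

```python
# Added example: record fields, status labels and sample hosts are constructed.
C58, C60 = "CVE-2021-30858", "CVE-2021-30860"
OS_FIX = {  # platform -> (first fixed OS version, CVEs that version closes)
    "ios": ("14.8", (C58, C60)),
    "ipados": ("14.8", (C58, C60)),
    "watchos": ("7.6.2", (C60,)),
}

def parse_version(text):
    """'14.7.1' -> (14, 7, 1); trailing zeros dropped so '14.8.0' == '14.8'."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def status(installed, fixed):
    return "vulnerable" if parse_version(installed) < parse_version(fixed) else "patched"

def triage(rec):
    """Return {cve: 'vulnerable' | 'patched' | 'manual-check'} for one device."""
    platform, os_v = rec["platform"], rec["os_version"]
    if platform in OS_FIX:
        fixed, cves = OS_FIX[platform]
        return {cve: status(os_v, fixed) for cve in cves}
    if platform != "macos":
        return {}
    v = parse_version(os_v)
    if v >= (11,):  # Big Sur: both fixes ship in macOS Big Sur 11.6
        return {cve: status(os_v, "11.6") for cve in (C58, C60)}
    if v[:2] not in ((10, 14), (10, 15)):
        return {}  # release not listed in the advisory
    # Mojave / Catalina: the WebKit fix arrives with Safari 14.1.2.
    safari = rec.get("safari_version")
    result = {C58: status(safari, "14.1.2") if safari else "manual-check"}
    if v[:2] == (10, 15):
        # Catalina: Security Update 2021-005 leaves the OS version string unchanged.
        result[C60] = "manual-check"
    return result

INVENTORY = [  # constructed sample records
    {"host": "phone-01", "platform": "ios", "os_version": "14.7.1"},
    {"host": "watch-01", "platform": "watchos", "os_version": "7.6.2"},
    {"host": "mac-01", "platform": "macos", "os_version": "11.5.2"},
    {"host": "mac-02", "platform": "macos", "os_version": "10.15.7", "safari_version": "14.1.2"},
]

def needs_action(inventory):  # hosts with any CVE not confirmed patched
    return [r["host"] for r in inventory if any(s != "patched" for s in triage(r).values())]
```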

 

REFERENCE:

1. https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html

2. https://cybersophia.net/vulnerability/emergency-updates-for-macos-ios-and-safari-cve-2021-30858-cve-2021-30860/
