Critical Apple Release to Fix Security Vulnerabilities

by Daniel Ruiz
Senior Solutions Architect

Today Apple released several updates for macOS Big Sur 11.6, iOS 14.8, iPadOS 14.8, and watchOS 7.6.2 to fix security vulnerabilities.

The updates fix issues that allow an attacker to bypass Apple’s BlastDoor security sandbox.


Vulnerabilities:

  • CoreGraphics CVE-2021-30860
  • WebKit CVE-2021-30858

Impact:

  • CoreGraphics CVE-2021-30860: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
    • Description: An integer overflow was addressed with improved input validation.
    • CVE-2021-30860: The Citizen Lab
  • WebKit CVE-2021-30858: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have
    • Description: A use after free issue was addressed with improved memory management.
    • CVE-2021-30858: an anonymous researcher

Impacted Products:

  • iPhone 6s and later
  • iPad Pro (all models)
  • iPad Air 2 and later
  • iPad 5th generation and later
  • iPad mini 4 and later
  • iPod touch (7th generation)
  • macOS Big Sur desktop and laptop products
  • Apple Watch Series 3 and later
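
To find devices that still need these updates, the following Python script checks a device inventory against the fixed versions listed in this post. It is an added example, not part of Apple's advisory or any Helient tooling; the CSV column names, host names and inventory rows are constructed for illustration.

```python
import csv
import io

# First fixed release per platform, as listed in this post.
FIXED = {
    "macOS": (11, 6),       # macOS Big Sur 11.6
    "iOS": (14, 8),
    "iPadOS": (14, 8),
    "watchOS": (7, 6, 2),
}

# Constructed sample inventory (assumed export format: hostname,platform,os_version).
# 14.10 is a made-up version, included to exercise numeric comparison.
INVENTORY = """hostname,platform,os_version
mbp-014,macOS,11.5.2
mbp-022,macOS,11.6
imac-003,macOS,10.15.7
iphone-101,iOS,14.7.1
iphone-102,iOS,14.10
ipad-007,iPadOS,14.8
watch-001,watchOS,7.6.1
atv-001,tvOS,14.7
"""

def parse_version(text):
    """Turn '14.7.1' into (14, 7, 1); comparing strings would rank 14.10 below 14.8."""
    return tuple(int(part) for part in text.strip().split("."))

def status(platform, version):
    fixed = FIXED.get(platform)
    if fixed is None:
        return "not-covered"        # platform is not named in this post
    try:
        current = parse_version(version)
    except ValueError:
        return "unparseable"        # e.g. empty field or build suffix; review by hand
    if platform == "macOS" and current[0] < 11:
        return "not-covered"        # the post names only Big Sur (11.x)
    return "patched" if current >= fixed else "needs-update"

def triage(inventory_csv):
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: status(r["platform"], r["os_version"]) for r in rows}

if __name__ == "__main__":
    for host, state in triage(INVENTORY).items():
        print(f"{host:12} {state}")
```

Devices reported as not-covered or unparseable are not confirmed safe; they fall outside what this post states and need a separate check.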

If you would like more information or assistance from our industry-leading experts to plan and execute the workaround, please contact us at service@helient.com.