
Apple Products Multiple Vulnerabilities

Last Update Date: 23 Sep 2021
Release Date: 14 Sep 2021

RISK: Extremely High Risk

TYPE: Operating Systems - Mac OS

Multiple vulnerabilities were identified in Apple products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

 

HKCERT is aware of public reports that these vulnerabilities are being exploited in the wild, and encourages users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.

 

Note:
CVE-2021-30858 and CVE-2021-30860 are being exploited in the wild.

 

[Updated on 2021-09-23] Apple has released additional information for "macOS Big Sur 11.6", "Security Update 2021-005 Catalina" and "iOS 14.8 and iPadOS 14.8". Additional impacts, including denial of service condition, elevation of privilege, sensitive information disclosure and security restriction bypass, have been added. CVEs are updated in the "Vulnerability Identifier" section.


Impact

  • Remote Code Execution
  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Versions prior to iOS 14.8
  • Versions prior to iPadOS 14.8
  • Versions prior to macOS Big Sur 11.6
  • Versions prior to macOS Catalina Security Update 2021-005
  • Versions prior to watchOS 7.6.2
  • Versions prior to Safari 14.1.2

Solutions

Before installing the software, please visit the vendor website for more details.

 
Apply fixes issued by the vendor:
 
  • iOS 14.8
  • iPadOS 14.8
  • macOS Big Sur 11.6
  • macOS Catalina Security Update 2021-005
  • watchOS 7.6.2
  • Safari 14.1.2

Vulnerability Identifier

 

[Updated on 2021-09-23]


Source


Related Link

https://support.apple.com/en-us/HT212804

https://support.apple.com/en-us/HT212805

https://support.apple.com/en-us/HT212806

https://support.apple.com/en-us/HT212807

https://support.apple.com/en-us/HT212808

https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve