Skip to main content

Apple Products Multiple Vulnerabilities

Last Update Date: 23 Sep 2021 Release Date: 14 Sep 2021 6792 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Mac OS

TYPE: Mac OS

Multiple vulnerabilities were identified in Apple Products, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.

 

HKCERT is aware of these vulnerabilities have been reported publicly that they are being exploited in the wild, and encourages users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.

 

Note:
CVE-2021-30858 and CVE-2021-30860 are being exploited in the wild.

 

[Updated on 2021-09-23] Apple has released additional information for "macOS Big Sur 11.6", "Security Update 2021-005 Catalina" and "iOS 14.8 and iPadOS 14.8". Additional Impacts including denial of service condition, elevation of privilege, sensitive information disclosure and security restriction bypass are added. CVEs are updated in "Vulnerability Identifier" Section.


Impact

  • Remote Code Execution
  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Versions prior to iOS 14.8
  • Versions prior to iPadOS 14.8
  • Versions prior to macOS Big Sur 11.6
  • Versions prior to macOS Catalina Security Update 2021-005
  • Versions prior to watchOS 7.6.2
  • Versions prior to Safari 14.1.2

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 
Apply fixes issued by the vendor:
 
  • iOS 14.8
  • iPadOS 14.8
  • macOS Big Sur 11.6
  • macOS Catalina Security Update 2021-005
  • watchOS 7.6.2
  • Safari 14.1.2

Vulnerability Identifier

 

[Updated on 2021-09-23]


Source


Related Link

https://support.apple.com/en-us/HT212804

https://support.apple.com/en-us/HT212805

https://support.apple.com/en-us/HT212806

https://support.apple.com/en-us/HT212807

https://support.apple.com/en-us/HT212808

https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve