Original Issue Date: September 14, 2021
Severity Rating: High
Software Affected
Apple macOS Big Sur versions prior to 11.6
Apple macOS Catalina
Apple iOS and iPadOS versions prior to 14.8
iPhone 6s and later
iPad Pro (all models)
iPad Air 2 and later
iPad 5th generation and later
iPad mini 4 and later
iPod touch (7th generation)
Apple watchOS versions prior to 7.6.2
Apple Safari versions prior to 14.1.2
Overview
Two vulnerabilities have been reported in multiple products of Apple which could be exploited by a remote attacker to execute arbitrary code and take control of a targeted device.
Description
1. Integer overflow vulnerability (CVE-2021-30860)
This vulnerability exists due to an integer overflow when processing PDF files within the CoreGraphics component. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted PDF file, triggering the integer overflow and executing arbitrary code on the target system.
2. Use after free vulnerability (CVE-2021-30858)
This vulnerability exists due to a use after free error when processing HTML content in WebKit. A remote attacker could persuade an unsuspecting victim to visit a specially crafted web page, triggering the use after free error and executing arbitrary code on the system.
Successful exploitation of these vulnerabilities may allow an attacker to compromise the vulnerable system.
Note: These vulnerabilities are currently being exploited in the wild; users are advised to apply patches urgently.
Solution
Apply appropriate updates as mentioned in Apple Security updates:
https://support.apple.com/en-us/HT212804
https://support.apple.com/en-us/HT212805
https://support.apple.com/en-us/HT212806
https://support.apple.com/en-us/HT212807
https://support.apple.com/en-us/HT212808
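As an added example (not part of the advisory), the following Python helper turns the affected-version list above into a patched/vulnerable/verify verdict per device, so a fleet inventory export can be triaged against the advisory's thresholds. The inventory rows are constructed, and the local host check assumes the `sw_vers` tool is present (macOS only).

```python
# Added example, not part of the CERT-In advisory: triage helper that maps the
# advisory's "Software Affected" list to a patched / vulnerable / verify verdict.
import re
import shutil
import subprocess

# Minimum fixed versions taken from the advisory's "Software Affected" section.
FIXED_VERSIONS = {
    "macos": (11, 6),        # Big Sur versions prior to 11.6
    "ios": (14, 8),          # iOS / iPadOS versions prior to 14.8
    "ipados": (14, 8),
    "watchos": (7, 6, 2),    # watchOS versions prior to 7.6.2
    "safari": (14, 1, 2),    # Safari versions prior to 14.1.2
}

def parse_version(text):
    """Turn '11.5.2' (or '11.5.2 (20G95)') into a tuple of ints for comparison."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def assess(product, version):
    """Return 'patched', 'vulnerable' or 'verify' for one product/version pair."""
    product = product.lower()
    v = parse_version(version)
    if product == "macos" and v[0] < 11:
        # Catalina (10.15) is listed as affected with no fixed version number,
        # and older releases are not covered by the advisory: check by hand.
        return "verify"
    if product not in FIXED_VERSIONS:
        return "verify"
    fixed = FIXED_VERSIONS[product]
    # Pad the shorter tuple so (11, 6) compares correctly against (11, 6, 0).
    width = max(len(v), len(fixed))
    v, fixed = v + (0,) * (width - len(v)), fixed + (0,) * (width - len(fixed))
    return "patched" if v >= fixed else "vulnerable"

def assess_local_macos():
    """Best-effort check of the host this runs on; returns None off macOS."""
    if shutil.which("sw_vers") is None:
        return None
    out = subprocess.run(["sw_vers", "-productVersion"], capture_output=True,
                         text=True, check=True).stdout
    return assess("macos", out)

if __name__ == "__main__":
    # Constructed sample inventory rows (product, reported version).
    inventory = [("macos", "11.5.2"), ("macos", "11.6"), ("macos", "10.15.7"),
                 ("ios", "14.7.1"), ("watchos", "7.6.2"), ("safari", "14.1.1")]
    for product, version in inventory:
        print(f"{product:8} {version:10} -> {assess(product, version)}")
```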
Disclaimer
The information provided herein is on “as is” basis, without warranty of any kind.