Apple Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Operating Systems - Mac OS
Multiple vulnerabilities were identified in Apple products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and security restriction bypass on the targeted system.
HKCERT is aware of public reports that these vulnerabilities are being exploited in the wild, and encourages users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.
CVE-2021-30858 and CVE-2021-30860 are being exploited in the wild.
[Updated on 2021-09-23] Apple has released additional information for "macOS Big Sur 11.6", "Security Update 2021-005 Catalina" and "iOS 14.8 and iPadOS 14.8". Additional impacts, including denial of service condition, elevation of privilege, sensitive information disclosure and security restriction bypass, have been added. CVEs are updated in the "Vulnerability Identifier" section.
Impact
- Remote Code Execution
- Denial of Service
- Elevation of Privilege
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Versions prior to iOS 14.8
- Versions prior to iPadOS 14.8
- Versions prior to macOS Big Sur 11.6
- Versions prior to macOS Catalina Security Update 2021-005
- Versions prior to watchOS 7.6.2
- Versions prior to Safari 14.1.2
Before installing the software, please visit the vendor website for more details. The updated versions are:
- iOS 14.8
- iPadOS 14.8
- macOS Big Sur 11.6
- macOS Catalina Security Update 2021-005
- watchOS 7.6.2
- Safari 14.1.2
[Updated on 2021-09-23]