It allows for the processing of maliciously crafted web content that may lead to arbitrary code execution.
13.Īlso addressed in the update is CVE-2021-30858, a vulnerability in WebKit found on older Apple devices. The government of Bahrain reportedly used NSO’s Pegasus software to spy on activists.Īpple had previously addressed the same exploit being used by NSO’s software in macOS, watchOS and later versions of iOS Sept. being used to exploit the vulnerability to gain access to data on iPhones. The report Apple refers to is the story in August of software created by Israeli cybersecurity company NSO Group Technologies Ltd.
Updates for mac pdf#
The vulnerability is described as existing in CoreGraphics and allows for processing a maliciously crafted PDF that may lead to arbitrary code execution.Īpple noted that it’s aware of a report that this issue may have been actively exploited and credits The Citizen Lab for discovering it. The iOS update also addressed other vulnerabilities in older Apple devices, including CVE-2021-30860. Apple gave credit for the discovery of the vulnerability to Eyre Hernandez and Clément Lecigne of the Google Threat Analysis Group and Ian Beer of Google Project Zero. The XNU vulnerability affects macOS as well as iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3 and iPod touch.Īpple describes the vulnerability as allowing a malicious application to execute arbitrary code with kernel privileges and notes that an exploit for the issue exists in the wild. The updates, iOS 12.5.5, for older models that can’t run iOS 15, and Security Update 2021-006 Catalina, both address the vulnerability known as CVE-2021-30869. today released updates for iOS and macOS that address several vulnerabilities currently being exploited in the wild.
0 kommentar(er)
