Apple has released security updates that fix vulnerabilities across its products, including iOS 14.6, macOS Big Sur 11.4, Safari 14.1.1, tvOS 14.6, and watchOS 7.5. The tech giant also reported that macOS Big Sur vulnerability CVE-2021-30713 has been exploited in the wild.
A hacker could exploit some of these vulnerabilities to take control of affected devices.
iOS 14.6 and iPadOS 14.6
The latest iOS 14.6 and iPadOS 14.6 security update, released on May 24, addressed 43 vulnerabilities, 12 of which could result in arbitrary code execution:
- CVE-2021-30707: Audio file handling, fixed with improved checks.
- CVE-2021-30701: ImageIO crafted image handling, fixed with improved checks.
- CVE-2021-30740, CVE-2021-30704, CVE-2021-30736: Kernel bugs.
- CVE-2021-30725, CVE-2021-30693, CVE-2021-30708: Model I/O issues.
- CVE-2021-30737: Security: memory corruption issue in the ASN.1 decoder.
- CVE-2021-21779, CVE-2021-30749, CVE-2021-30734: WebKit bugs.
Apple also fixed a Wi-Fi vulnerability, CVE-2021-30667, where an attacker within Wi-Fi range may be able to force a client to use a less secure authentication mechanism.
Moreover, another patched vulnerability, CVE-2021-30681 in Core Services, could allow a malicious application to gain root privileges.
The update is available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
Apple released the macOS Big Sur 11.4 security update on May 24, addressing 73 vulnerabilities. The tech giant warned that one TCC vulnerability, CVE-2021-30713, has been exploited in the wild.
“A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited,” Apple stated in the advisory.
In addition, 10 of the patches address OpenLDAP vulnerabilities that could allow a remote attacker to cause a denial of service.
The Apple Safari 14.1.1 security update fixed 10 vulnerabilities: 8 WebKit issues and 2 WebRTC issues.
The update is available for systems running macOS Catalina and macOS Mojave.
The tvOS 14.6 security update addressed 26 vulnerabilities in total, 11 of which could lead to arbitrary code execution.
The update is available for Apple TV 4K and Apple TV HD models.
The latest watchOS 7.5 security update addressed 25 vulnerabilities that impact Apple Watch Series 3 and later models.
As a reminder, two vulnerabilities (CVE-2021-30665 and CVE-2021-30663) were also exploited in the wild against multiple Apple products and were patched last month. So keeping all of your Apple devices up to date should be a high priority.
Readers can check out the Apple security updates page for more details.
Update May 26, 2021: This article was updated to include confirmed active exploits in the wild against macOS vulnerability CVE-2021-30713.