Apple has released iOS 14.8, iPadOS 14.8, watchOS 7.6.2, macOS Big Sur 11.6, and Safari 14.1.2 to fix two actively exploited vulnerabilities, one of which defeated extra security protections built into the operating system.
The list of two flaws is as follows –
- CVE-2021-30858 (WebKit) – A use after free issue that could result in arbitrary code execution when processing maliciously crafted web content. The flaw has been addressed with improved memory management.
- CVE-2021-30860 (CoreGraphics) – An integer overflow vulnerability that could lead to arbitrary code execution when processing a maliciously crafted PDF document. The bug has been remediated with improved input validation.
“Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker noted in its advisory.
The updates arrive weeks after researchers from the University of Toronto’s Citizen Lab revealed details of a zero-day exploit called “FORCEDENTRY” (aka Megalodon) that was weaponized…