Critical vulnerabilities present in certain versions of Apple iOS, macOS and Safari

Australian Cyber Security Centre

Background / What’s happened?

Two vulnerabilities (CVE-2021-30858 and CVE-2021-30860) have been identified in certain Apple products which could allow an actor to execute arbitrary code, enabling the installation of malware or other actions on a vulnerable Apple device or computer.

Apple has released the following security advisories which contain information on the security updates and associated vulnerabilities:

Mitigation / How do I stay secure?

Apple has released security updates to address these vulnerabilities. Owners of affected Apple products should apply the available security updates detailed in the links above as soon as possible.

Guidance on how to apply software updates to Apple products is available from the Apple security updates page.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).

/Public Release. This material comes from the originating organization/author(s)and may be of a point-in-time nature, edited for clarity, style and length. The views and opinions expressed are those of the author(s).View in full here.