In order to protect users of their smartphones, tablets, macs and connected watches from several security vulnerabilities, including Pegasus, Apple has updated its operating systems. Upgrades are iOS and iPadOS 14.8, macOS 11.6 and watchOS 7.6.2. All iPhone models since the 6S are affected by CVE-2021-30860 and 2021-30858 which expose their users to compromise. (credit: Apple) figcaption>
Until Apple no doubt evokes iOS 15 during its" California Streaming "event at the end of the day, the company is is working to correct many security holes in iOS 14. Without any beta test or any warning, the Cupertino company has published several fixes for all of its terminals including iOS 14.8 for its smartphones and iPadOS 14.8 for its tablets. "These important security updates are recommended for all users," Apple said soberly on its support web page . The New York Times reported that they fix a flaw related to the Pegasus spyware.
Two main vulnerabilities are addressed: the first concerns the CoreGraphics frameworkto work around a problem with creating malicious PDFs that could lead to the execution of arbitrary code. "An overflow has been resolved with improved input validation," said Apple, indicating that it is aware of a report according to which this flaw may have been actively exploited. This CVE-2021-30860 is for iPhone 6s (and later) as well as iPad Pro (all models), iPad Air 2 (and later) iPad 5th generation (at least), iPad mini 4 and above as well than the iPod touch (7th generation).
The patched Webkit framework
The second flaw (CVE-2021-30858) concerns the WebKit framework and leads to the possibility of 'execute malicious web content which may lead to the execution of arbitrary code. It affects the same types of terminals as for the first vulnerability. According to the firm at the apple, the problem has been solved thanks to better memory management.
The CVE-2021-30860 and 2021-30858 are alsont patched for macOS 11.6 which also benefits from improved functionalities as well as for the operating system for its connected watches (watchOS 7.6.2). To obtain these important security updates, the user must go to the "Settings" tab of their terminal, then select "General", "Software update", and finally "Download and install". All the procedures for installing the latest security updates are available at this address .