Apple says iOS 14.8 patches iPhone assault that defeated Blastdoor protections

Apple has printed a full help doc detailing what’s new in iOS 14.8, watchOS 7.6.2, iPadOS 14.8, and macOS Big Sur 11.6. Apple says that the updates deal with safety vulnerabilities that “might have been actively exploited within the wild.”

Most notably, Apple says that iOS 14.8 and iPadOS 14.8 each deal with CoreGraphics and WebKit vulnerabilities that will have been actively exploited. The CoreGraphics vulnerability was reported by The Citizen Lab, which found a zero-click iPhone assault that defeated Apple’s Blastdoor protections again in August.

The vulnerability reported by The Citizen Lab is believed to have been used to focus on Bahraini activists whose iPhones have been efficiently hacked with NSO Group’s Pegasus adware.

In a support document posted at the moment, Apple outlines the vulnerability and its repair:

CoreGraphics

Out there for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth era and later, iPad mini 4 and later, and iPod contact (seventh era)

Affect: Processing a maliciously crafted PDF might result in arbitrary code execution. Apple is conscious of a report that this problem might have been actively exploited.

Description: An integer overflow was addressed with improved enter validation.

CVE-2021-30860: The Citizen Lab

There’s additionally a repair for a WebKit vulnerability:

WebKit

Out there for: iPhone 6s and later, iPad Professional (all fashions), iPad Air 2 and later, iPad fifth era and later, iPad mini 4 and later, and iPod contact (seventh era)

Affect: Processing maliciously crafted internet content material might result in arbitrary code execution. Apple is conscious of a report that this problem might have been actively exploited.

Description: A use after free problem was addressed with improved reminiscence administration.

CVE-2021-30858: an nameless researcher

The total particulars on at the moment’s safety updates could be discovered on the following hyperlinks:

FTC: We use earnings incomes auto affiliate hyperlinks. More.


Check out 9to5Mac on YouTube for more Apple news:

Recent Articles

These are the best possible Recreation Cross video games which you could play in your cellphone

Supply: Russell Holly / Android Central Android avid gamers have a complete new world open when taking part in video video games on their cell...

Cell Video Month-to-month #17 – September 2021 – Apptamin

Apple lastly launched iOS 15 on the twentieth simply after asserting the brand new iPhone, Pinterest is the final one in an extended line...

Roving bands of Ford ‘Cost Angels’ will restore EV charging stations | Engadget

With the set to debut early subsequent yr, Ford plans to make use of a bunch of “Cost Angels” to make sure house...

Related Stories

Stay on op - Ge the daily news in your inbox