Apple has released a security update to address two actively exploited zero-day vulnerabilities. The first vulnerability, also known as FORCEDENTRY, is related an integer overflow bug that could allow an attacker to create PDF documents that can execute commands when opened in iOS and macOS. The second vulnerability could allow an attacker to create a malicious web page that can execute commands when visited by iOS and macOS devices such as an iPhone. An attacker could exploit some of these vulnerabilities to take control of an affected device.

Remediation advice

Affected organisations are encouraged to review the Apple security page and apply the necessary updates.

Remediation steps

Type	Step
Patch	macOS Big Sur 11.6 https://support.apple.com/en-us/HT212804
Patch	Security Update 2021-005 Catalina https://support.apple.com/en-gb/HT212805
Patch	watchOS 7.6.2 https://support.apple.com/en-us/HT212806
Patch	iOS 14.8 https://support.apple.com/en-us/HT212807
Patch	iPadOS 14.8 https://support.apple.com/en-us/HT212807
Patch	Safari 14.1.2 https://support.apple.com/en-gb/HT212808

CVE Vulnerabilities

Status Rejected

CVE-2021-30858

Status Rejected

CVE-2021-30860

Last edited: 14 September 2021 12:33 pm