Apple patches dangerous security holes, one in active use – update now!
2021-05-25 18:30

We're much more interested in the security patches that arrived in the update to iOS 14.6, because Apple fixed 38 significant bugs, covered by 43 different CVE bug numbers.

For what it's worth, the update to macOS Big Sur 11.4 shared many of those bugs with iOS, as well as adding a raft of its own, with 58 significant bugs patched, covered by 73 different CVE bug numbers.

Perhaps even more importantly, one of the Big Sur bugs that was patched, now dubbed CVE-2021-30713, is a security flaw that is already known to criminals and has already been quietly exploited in the wild.

According to security researchers at Mac management software company Jamf, this bug provides a sneaky way for a simple AppleScript utility with no special permissions at all to "leech off" the permissions of an already-installed app.

RCE bugs in handling image or audio files are particularly dangerous because those files are commonly used in web pages, where your browser reads them in and processes them automatically even if all you do is look at a website.

Apple's mobile platforms don't include Microsoft-compatible networking code, so they aren't affected by the smbx bugs, but iOS does get a patch for a Wi-Fi bug dubbed CVE-2021-30667 and explained with the words: "An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism."


News URL

https://nakedsecurity.sophos.com/2021/05/25/apple-patches-dangerous-security-holes-one-in-active-use-update-now/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-09-08 | CVE-2021-30713 | Improper Input Validation vulnerability in Apple mac OS X and Macos. A permissions issue was addressed with improved validation. (local, low complexity, apple, CWE-20) | 7.8
2021-09-08 | CVE-2021-30667 | Improper Authentication vulnerability in Apple Iphone OS. A logic issue was addressed with improved validation. (low complexity, apple, CWE-287) | 5.4

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 68 212 1433 2208 257 4110