This week, Apple released iOS 14.7, iPadOS 14.7, and others to all users. The company has now provided a document that shows all security-related improvements.
According to its own information, Apple has fixed a number of security vulnerabilities in iOS 14.7 and iPadOS 14.7. The list is quite long and shows how important the new updates are. Among other things, vulnerabilities in WebKit, Find My and more have been fixed. Interestingly, the Pegasus spyware is not mentioned at all in the security updates. As a reminder, this was used to spy on human rights activists, lawyers, journalists and politicians. to spy onThe tool uses Apple's iMessage system as a vector to carry out zero-click attacks. It remains unclear when Apple will close this security hole.
iOS 14.7 & iPadOS 14.7: Updates are strongly recommended
In addition, there are security fixes in macOS Big Sur 11.5, tvOS 14.7 and watchOS 7.6. For Mac users who use older versions of macOS, Apple has released security updates for macOS Catalina and macOS Mojave. Be that as it may. Below I have the entire content, that Apple has provided, listed verbatim (translated). Accordingly, the updates are strongly recommended and should be installed promptly. (Photo by Unsplash / Brandon Romanchuk)
ActionKit
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A shortcut may be able to bypass Internet permission requirements
- Description: An input validation issue was fixed with improved input validation.
- CVE-2021-30763: Zachary Keffaber (@QuickUpdate5)
Audio
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A local attacker may be able to cause an unexpected application termination or arbitrary code execution
- Description: This issue was resolved with improved validations.
- CVE-2021-30781: tr3e
AVEVideoEncoder
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was resolved through improved state management.
- CVE-2021-30748: George Nosenko
CoreAudio
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
- Description: A memory corruption issue was resolved through improved state management.
- CVE-2021-30775: JunDong Xie from Ant Security Light-Year Lab
CoreAudio
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Playing a malicious audio file may cause the application to terminate unexpectedly
- Description: A logic issue was fixed with improved validation.
- CVE-2021-30776: JunDong Xie from Ant Security Light-Year Lab
CoreGraphics
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Opening a maliciously crafted PDF file may lead to unexpected application termination or arbitrary code execution
- Description: A race condition was addressed with improved state handling.
- CVE-2021-30786: ryuzaki
CoreText
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: An out-of-bounds read was addressed with improved input validation.
- CVE-2021-30789: Mickey Jin (@patch1t) from Trend Micro, Sunglin from Knownsec 404 Team
Crash Reporter
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A malicious application may be able to gain root privileges
- Description: A logic issue was fixed with improved validation.
- CVE-2021-30774: Yizhuo Wang from the Group of Software Security In Progress (GOSSIP) at Shanghai Jiao Tong University
CVMS
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A malicious application may be able to gain root privileges
- Description: An out-of-bounds write issue was fixed with improved bounds checking functionality.
- CVE-2021-30780: Tim Michaud(@TimGMichaud) from Zoom Video Communications
dyld
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A sandboxed process may be able to bypass sandbox restrictions
- Description: A logic issue was fixed with improved validation.
- CVE-2021-30768: Linus Henze (pinauten.de)
Find My
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A malicious application can access Find My data
- Description: A permission issue was fixed with improved validation.
- CVE-2021-30804: Csaba Fitzl (@theevilbit) from Offensive Security
FontParser
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: An integer overflow was fixed through improved input validation.
- CVE-2021-30760: Sunglin from Knownsec 404 Team
FontParser
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted tiff file may lead to a denial of service or possibly disclose memory contents
- Description: This issue was resolved with improved validations.
- CVE-2021-30788: tr3e collaborates with the Trend Micro Zero Day Initiative
FontParser
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
- Description: A stack overflow was fixed with improved input validation.
- CVE-2021-30759: hjy79425575 in collaboration with Trend Micro Zero Day Initiative
identity service
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A malicious application may be able to bypass code signing checks
- Description: A code signature validation issue was fixed with improved checks.
- CVE-2021-30773: Linus Henze (pinauten.de)
image processing
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was fixed with improved memory management.
- CVE-2021-30802: Matthew Denton from Google Chrome Security
ImageIO
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: This issue was resolved with improved validations.
- CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) from Baidu Security
ImageIO
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: A buffer overflow was fixed with improved bounds checking.
- CVE-2021-30785: CFF from Topsec Alpha Team, Mickey Jin (@patch1t) from Trend Micro
kernel
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A malicious attacker with arbitrary read and write capabilities may be able to bypass pointer authentication
- Description: A logic issue was fixed with improved state management.
- CVE-2021-30769: Linus Henze (pinauten.de)
kernel
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: An attacker who has already achieved kernel code execution might be able to bypass kernel memory vulnerabilities
- Description: A logic issue was fixed with improved validation.
- CVE-2021-30770: Linus Henze (pinauten.de)
libxml2
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A remote attacker may be able to cause arbitrary code execution
- Description: This issue was resolved with improved validations.
- CVE-2021-3518
measure
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Multiple issues in libwebp
- Description: Several issues were resolved by updating to version 1.2.0.
- CVE-2018-25010
- CVE-2018-25011
- CVE-2018-25014
- CVE-2020-36328
- CVE-2020-36329
- CVE-2020-36330
- CVE-2020-36331
Model I/O
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted image may result in a denial of service
- Description: A logic issue was fixed with improved validation.
- CVE-2021-30796: Mickey Jin (@patch1t) from Trend Micro
Model: I/O
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted image may lead to arbitrary code execution
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2021-30792: Anonymous collaborates with Trend Micro Zero Day Initiative
Model I/O
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing a maliciously crafted file may disclose user information
- Description: An out-of-bounds read was fixed with improved bounds checking.
- CVE-2021-30791: Anonymous collaborates with Trend Micro Zero Day Initiative
TCC
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: A malicious application may be able to bypass certain privacy settings
- Description: A logic issue was fixed with improved state management.
- CVE-2021-30798: Mickey Jin (@patch1t) from Trend Micro
WebKit
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A type confusion issue was fixed with improved state handling.
- CVE-2021-30758: Christoph Guttandin from Media Codings
WebKit
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: A use after free issue was fixed with improved memory management.
- CVE-2021-30795: Sergei Glazunov from Google Project Zero
WebKit
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to code execution
- Description: This issue was resolved with improved validations.
- CVE-2021-30797: Ivan Fratric from Google Project Zero
WebKit
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Processing maliciously crafted web content may lead to arbitrary code execution
- Description: Several memory corruption issues were addressed through improved memory handling.
- CVE-2021-30799: Sergei Glazunov from Google Project Zero
Wi-Fi
- Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- Impact: Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution
- Description: This issue was resolved with improved validations.
- CVE-2021-30800: vm_call, Nozhdar Abdulkhaleq Shukri
Do you already know our Amazon Storefront? There you will find a hand-picked selection of various products for your iPhone and Co. have fun browsing.
The article contains affiliate links.
Was this article helpful?
YesNo
