iOS/iPadOS 14.8 update fixes major security loophole in Apple devices

Apple has released a new update - iOS 14.8 and iPadOS 14.8 - that addresses important security issues that may have been actively exploited. The update is rolling out to iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

The iOS/iPadOS 14.8 update addresses CoreGraphics vulnerability, CVE-2021-30860, which was discovered by The Citizen Lab as well as the WebKit vulnerability, CVE-2021-30858, which was reported by an anonymous researcher. Below are the security content of iOS 14.8 and iPadOS 14.8 update:

CoreGraphics

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30860: The Citizen Lab

WebKit

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30858: an anonymous researcher

Meanwhile, Apple has also released the watchOS 7.6.2, macOS Big Sur 11.6, Safari 14.1.2 updates, which also address the same vulnerabilities. Given its nature, Apple is recommending this update for all users. The update is available for:

• watchOS 7.6.2 - Apple Watch Series 3 and later
• macOS Big Sur 11.6 - macOS Big Sur
• Safari 14.1.2 - macOS Catalina and macOS Mojave