
Rewterz Threat Advisory – Multiple Apple Safari, macOS Big Sur, iOS, and iPadOS Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-30858

Apple Safari, macOS Big Sur, iOS, and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30860

Apple Safari, macOS Big Sur, iOS, iPadOS, Catalina and watchOS could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the CoreGraphics component. By persuading a victim to open a specially crafted PDF file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Code Execution
  • Integer Overflow

Affected Products

  • Apple Safari 14.1.1
  • Apple macOS Big Sur 11.5.0
  • Apple iOS 14.7
  • Apple iPadOS 14.7
  • Apple watchOS 7.6.1
  • Apple macOS Catalina

Remediation

Refer to the Apple security document for the patch, upgrade, or suggested workaround information:

For iOS 14.8 and iPadOS 14.8

https://support.apple.com/en-us/HT212807

For Catalina

https://support.apple.com/en-us/HT212805

For watchOS 7.6.2

https://support.apple.com/en-us/HT212806

For macOS Big Sur 11.6

https://support.apple.com/en-us/HT212804

For Safari 14.1.2

https://support.apple.com/en-us/HT212808
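
Added example (not part of the original advisory and not Apple's or Rewterz's code): a small triage script that compares an asset inventory against the fixed releases listed under Remediation. The inventory rows, host names, and status labels are constructed for illustration; macOS Catalina is routed to manual review because the advisory gives no version number for its fix.

```python
# Fixed releases exactly as named in the Remediation section of this advisory.
FIXED = {
    "iOS": (14, 8),
    "iPadOS": (14, 8),
    "watchOS": (7, 6, 2),
    "macOS Big Sur": (11, 6),
    "Safari": (14, 1, 2),
}
# The advisory names no fixed version for Catalina, only the Apple document.
MANUAL = {"macOS Catalina": "https://support.apple.com/en-us/HT212805"}


def parse_version(text):
    """Turn '14.7.1' into (14, 7, 1); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def triage(product, version):
    """Classify one inventory row against the advisory's fixed releases."""
    if product in MANUAL:
        return "manual-check"
    if product not in FIXED:
        return "not-covered"
    try:
        have = parse_version(version)
    except ValueError:
        return "unparseable"
    want = FIXED[product]
    # Pad to equal length so 11.6 and 11.6.0 compare as the same release.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return "patched" if have >= want else "update-required"


def report(inventory):
    """Return (host, product, version, status) for every inventory row."""
    return [(h, p, v, triage(p, v)) for h, p, v in inventory]


# Constructed sample inventory; host names are hypothetical.
SAMPLE = [
    ("phone-01", "iOS", "14.7"),
    ("mac-07", "macOS Big Sur", "11.6"),
    ("mac-12", "macOS Catalina", "10.15.7"),
    ("watch-03", "watchOS", "7.6.1"),
]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(*row, sep="\t")
```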