Skip to main content Skip to local navigation

Service Advisory – CVE-2021-30860 (FORCEDENTRY)

 

A picture containing text  Description automatically generated

 

Service Advisory

 

Please share the following information with your teams.

 

Information Security has noticed a zero-day vulnerability (CVE-2021-30806) for Apple iPhones, iPad, Apple watch and Mac OS exploited in the wild. The vulnerability allows a remote attacker to execute arbitrary code on the target system.

 

Severity level 

CVSS Score: (High) 8.4

  

Description

The vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.

 

Affected Versions

All iPhones with iOS versions prior to 14.8, All Mac computers with operating system versions prior to OSX Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2  

Impact 

An attacker could exploit these vulnerability to take control of an affected device.

 

Resolution 

Apple released security updates.

https://support.apple.com/en-ca/HT212805

  

Reference 

https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve

https://www.cybersecurity-help.cz/vdb/SB2021091321

https://support.apple.com/en-ca/HT212805

 

Contact:

UIT Client Services at askit@yorku.ca or 416 736 5800

 

PRIVACY POLICY | VISIT WWW.YORKU.CA
This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3

This email is viewed best in Microsoft Outlook for web