Please share the following information with your teams.
Information Security has noticed a zero-day vulnerability (CVE-2021-30806) affecting Apple iPhone, iPad, Apple Watch and macOS devices that has been exploited in the wild. The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Severity level
CVSS Score: (High) 8.4
Description
The vulnerability exists due to an integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger the integer overflow and execute arbitrary code on the target system.
Affected Versions
All iPhones with iOS versions prior to 14.8, all Mac computers with operating system versions prior to macOS Big Sur 11.6 or Security Update 2021-005 Catalina, and all Apple Watches with watchOS versions prior to 7.6.2.
Impact
An attacker could exploit this vulnerability to take control of an affected device.