High Threat Security Alert (A21-04-10): Multiple Vulnerabilities in Apple iOS and iPadOS
27 April 2021
Apple has released iOS 14.5 and iPadOS 14.5 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
Active exploitation against the arbitrary code execution vulnerability in iOS and iPadOS (CVE-2021-30661) has been observed. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
iPhone 6s and later
iPad 5th generation and later, Air 2 and later, mini 4 and later, Pro (all models)
iPod touch (7th generation)
Depending on the vulnerability exploited, a successful exploitation could lead to arbitrary code execution, cross-site scripting, denial of service, tampering, information disclosure, privilege escalation, security restriction bypass or system corruption on an affected device.
Apple has released new version of iOS and iPadOS to address the issue.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.