Description:
Apple has released iOS 14.5 and iPadOS 14.5 to fix the vulnerabilities in various Apple devices. The list of vulnerability information can be found at:
https://support.apple.com/zh-hk/HT212317
Active exploitation against the arbitrary code execution vulnerability in iOS and iPadOS (CVE-2021-30661) has been observed. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
Affected Systems:
- iPhone 6s and later
- iPad 5th generation and later, Air 2 and later, mini 4 and later, Pro (all models)
- iPod touch (7th generation)
Impact:
Depending on the vulnerability exploited, a successful exploitation could lead to arbitrary code execution, cross-site scripting, denial of service, tampering, information disclosure, privilege escalation, security restriction bypass or system corruption on an affected device.
Recommendation:
Apple has released new version of iOS and iPadOS to address the issue.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
More Information:
- https://support.apple.com/zh-hk/HT212317
- https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20210427
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1740
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1807 (to CVE-2021-1809)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1811
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1813
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1815 (to CVE-2021-1817)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1820
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1822
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1825
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1826
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1830
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1831
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1832
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1835 (to CVE-2021-1837)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1843
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1846
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1848
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1849
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1851
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1852
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1854
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1857
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1858
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1860
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1864
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1865
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1867
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1868
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1872
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1874
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1875
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1877
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1881 (to CVE-2021-1885)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30652
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30653
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30656
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30659
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30660
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661
