High Threat Security Alert (A21-05-02): Multiple Vulnerabilities in Apple iOS and iPadOS

Description:

Apple has released iOS 14.5.1 and iPadOS 14.5.1 as well as iOS 12.5.3 to fix the vulnerabilities in various Apple devices. The vulnerabilities could be exploited by enticing a user to open a specially crafted webpage. The details of vulnerability information can be found at:

https://support.apple.com/zh-hk/HT212336
https://support.apple.com/zh-hk/HT212341

Active exploitations against the vulnerabilities in iOS and iPadOS (CVE-2021-30661, CVE-2021-30663, CVE-2021-30665, CVE-2021-30666) have been observed. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• iPhone 5s and later
• iPad 5th generation and later, Air and later, mini 2 and later, Pro (all models)
• iPod touch (6th generation and later)

Impact:

A successful exploitation could lead to arbitrary code execution on an affected device.

Recommendation:

Apple has released new version of iOS and iPadOS to address the issue:

The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://support.apple.com/zh-hk/HT212336
• https://support.apple.com/zh-hk/HT212341
• https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20210504
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30666