TLP Rating: Clear 
Apple iMessage vulnerability targeted by attackers
CERT Vanuatu (CERTVU) and the Office of the Chief Information was alerted of this vulnerabilities by its international partners.
The CERTVU office would like to advise users that apple has released a software update for iOS, macOS and watchOS due to vulnerabilities discovered.
What this means
Apple has detected and identified vulnerabilities affecting three of their operating system:
- iOS
- MacOS
- WatchOS
What are the impacts
The vulnerability affects all apple devices and below are the two impacts on apple devices and the operating system.
Core Graphics
Impacts: Processing a malicious craft PDF may lead to arbitrary code execution.
WebKit
Impacts: Processing maliciously crafted web content may lead to arbitrary code execution.
What to do
Ensure all latest updates on your Apple devices are installed on iOS, macOS and watchOS operating systems whenever the update is available. Most device should alert you and you should select “Update Now”.
Users not receiving a “popup” massage for update, can manually update using the below:
For iOS and iPhones:
Settings > General > Software Update
For Mac:
System preferences > Software Update
For Apple Watch:
My watch > General > Software Update
References
- Apple iMessage vulnerability targeted by attackers | CERT NZ
- Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860 | CISA
- Download advisory (English): Apple iMessage vulnerability targeted by attackers
- Telecharger avis (French): Vulnérabilité d'Apple iMessage ciblée par des attaquants
- Download (Bislama): Vulnerabiliti blong Apple iMessage