TLP Rating: White

Apple iMessage vulnerability targeted by attackers

CERT Vanuatu (CERTVU) and the Office of the Chief Information was alerted of this vulnerabilities by its international partners. The CERTVU office would like to advise users that apple has released a software update for iOS, macOS and watchOS due to vulnerabilities discovered.

 

What this means

Apple has detected and identified vulnerabilities affecting three of their operating system:

  • iOS
  • MacOS
  • WatchOS

What are the impacts

The vulnerability affects all apple devices and below are the two impacts on apple devices and the operating system.

Core Graphics
Impacts: Processing a malicious craft PDF may lead to arbitrary code execution.
        
WebKit
Impacts: Processing maliciously crafted web content may lead to arbitrary code execution.

 

What to do

Ensure all latest updates on your Apple devices are installed on iOS, macOS and watchOS operating systems whenever the update is available. Most device should alert you and you should select “Update Now”.

Users not receiving a “popup” massage for update, can manually update using the below:

For iOS and iPhones:
Settings > General > Software Update

For Mac:
System preferences > Software Update

For Apple Watch:
My watch > General > Software Update

References

  1. Apple iMessage vulnerability targeted by attackers | CERT NZ
  2. Apple Releases Security Updates to Address CVE-2021-30858 and CVE-2021-30860 | CISA