Apple has released security updates for macOS Big Sur (11.5), Catalina (10.15) and Mojave (10.14), as well as iOS (14.7) and iPadOS (14.7).
There is no indication that Apple has fixed any vulnerabilities that may be exploited to deliver NSO Group’s Pegasus spyware via “zero-click” iMessage attacks.
macOS security updates
macOS Big Sur (11.5) comes with fixes for a multitude of security issues.
Most of these may lead to arbitrary code execution, allow malicious applications to gain root privileges, or allow a sandboxed process to circumvent sandbox restrictions.
Among the more interesting bugs that have been splatted are multiple issues (CVE-2021-30784) that may allow a local attacker to execute code on the Apple T2 Security Chip, and two bugs (CVE-2021-30778, CVE-2021-30798) that may allow a malicious application to bypass Privacy preferences – though, as per usual, Apple has not shared any details about them.
The macOS Catalina and Mojave security updates deliver many of the same fixes, but also additional ones such as that for CVE-2021-30731, a vulnerability that may be exploited by an unprivileged application to capture USB devices.
Details: Apple says https://t.co/itng2JkNgR.vm.device-access entitlement (requires registration) OR running an app as root is required to capture USB. But on < macOS 11.4 it wasn’t enforced at all so any app can capture your USB keyboard or most other USB devices.
— UTM (@UTMapp) July 21, 2021
iOS 14.7 and iPadOS 14.7: Security fixes
The vulnerabilities fixed in iOS 14.7 and iPadOS 14.7 have been listed in the same document.
Again, many of the fixed issues are the same ones fixed in macOS, but others are specific to these mobile operating systems.
The more unusual of the latter are several issues reported by Linus Henze, a researcher with German IT security company Pinauten, which could allow a malicious application to bypass code signing checks or a malicious attacker to bypass Pointer Authentication and kernel memory mitigations.
Finally, the update fixes CVE-2021-30800 (aka WiFiDemon), a vulnerability that could lead to DoS or RCE if the user joins a malicious Wi-Fi network.
After joining my personal WiFi with the SSID “%p%s%s%s%s%n”, my iPhone permanently disabled its WiFi functionality. Neither rebooting nor changing SSID fixes it :~) pic.twitter.com/2eue90JFu3
— Carl Schou (@vm_call) June 18, 2021