News

Apple Releases iOS 14.8.1 & iPadOS 14.8.1 – Includes Multiple Security Updates

Apple on Tuesday released iOS 14.8.1 and iPadOS 14.8.1, which contain security fixes for devices still running the iOS 14 and iPadOS 14 operating systems.

The 14.8.1 update is available as an over-the-air update on eligible devices, in the Settings app. To access the new software, go to “Settings” -> “General” -> “Software Update.

According to Apple’s security support document, the update addresses a number of vulnerabilities with Sidecar, WebKit, Voice Control, the Status Bar, and more.

iOS 14.8.1 and iPadOS 14.8.1

Released October 26, 2021

Audio

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

ColorSync

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

Continuity Camera

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30903: an anonymous researcher

CoreGraphics

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919

GPU Drivers

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

IOMobileFrameBuffer

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

Sidecar

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30903: an anonymous researcher

Status Bar

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to view restricted content from the Lock Screen

Description: A Lock Screen issue was addressed with improved state management.

CVE-2021-30918: videosdebarraquito

Voice Control

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30902: 08Tc3wBB of ZecOps Mobile EDR Team

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior 

Description: An information leakage issue was addressed.

CVE-2021-30888: Prakash (@1lastBr3ath)

Apple has made upgrading to iOS 15 optional, allowing users to keep their devices on iOS 14 if they so desire. Apple will continue to release security fixes for iOS 14, but will not introduce new features, which will be limited to iOS 15.

Chris Hauk

Chris is a Senior Editor at Mactrast. He lives somewhere in the deep Southern part of America, and yes, he has to pump in both sunshine and the Internet.