Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Multiple Apple Patches for October 2021 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Multiple Apple Patches for October 2021

With the recent release of macOS Monterey 12.0.1, multiple security vulnerabilities were addressed [1]. For users who were not keen to update to macOS Monterey either due to personal or operational reasons, security updates for macOS Catalina [2] and macOS Big Sur [3] were also made available.

However, Apple has yet released another set of security updates for macOS Big Sur and macOS Catalina, and specifically for Safari on those 2 operating systems just a few hours ago [4]. The security updates fixes WebKit related vulnerabilities (CVE-2021-30887,  CVE-2021-30888, CVE-2021-30889 and CVE-2021-30890). The security updates for these vulnerabilities were included in the macOS Monterey 12.0.1 release [1], but were not present in the security updates for macOS Catalina [2] and macOS Big Sur [3] released recently.

Users who installed Security Update 2021-007 Catalina or macOS Big Sur 11.6.1 might have thought that was all for security updates, but there’s still one more to install! Although there has been no indication that this issue may have been actively exploited, it is recommended that affected devices be updated as soon as possible.

References:
[1] https://support.apple.com/kb/HT212869
[2] https://support.apple.com/kb/HT212871
[3] https://support.apple.com/kb/HT212872
[4] https://support.apple.com/kb/HT212875

-----------
Yee Ching Tok, ISC Handler
Personal Site
Twitter

Yee Ching

19 Posts
ISC Handler
Oct 28th 2021

Sign Up for Free or Log In to start participating in the conversation!