Apple security updates: iOS 14.7 fixes WiFiDemon flaw

Apple has released security updates for macOS Big Sur (11.5), Catalina (10.15) and Mojave (10.14), as well as iOS (14.7) and iPadOS (14.7).

There is no indication that Apple has fixed any vulnerabilities that may be exploited to deliver NSO Group’s Pegasus spyware via “zero-click” iMessage attacks.

macOS security updates

macOS Big Sur (11.5) comes with fixes for a multitude of security issues.

Most of these may lead to arbitrary code execution, allow malicious applications to gain root privileges, or allow a sandboxed process to circumvent sandbox restrictions.

Among the more interesting bugs that have been splatted are multiple issues (CVE-2021-30784) that may allow a local attacker to execute code on the Apple T2 Security Chip, and two bugs (CVE-2021-30778, CVE-2021-30798) that may allow a malicious application to bypass Privacy preferences – though, as per usual, Apple has not shared any details about them.

The macOS Catalina and Mojave security updates deliver many of the same fixes, but also additional ones such as that for CVE-2021-30731, a vulnerability that may be exploited by an unprivileged application to capture USB devices.

iOS 14.7 and iPadOS 14.7: Security fixes

The vulnerabilities fixed in iOS 14.7 and iPadOS 14.7 have been listed in the same document.

Again, many of the fixed issues are the same ones fixed in macOS, but others are specific to these mobile operating systems.

The more unusual of the latter are several issues reported by Linus Henze, a researcher with German IT security company Pinauten, which could allow a malicious application to bypass code signing checks or a malicious attacker to bypass Pointer Authentication and kernel memory mitigations.

Finally, the update fixes CVE-2021-30800 (aka WiFiDemon), a vulnerability that could lead to DoS or RCE if the user joins a malicious Wi-Fi network.
