Security Advisory: Apple macOS Zero-Day Vulnerability (MAY UPDATE)
MAY 7, 2021: ADDITIONAL APPLE VULNERABILITIES AND PATCHES
Atomic Data recommends immediately applying Software Updates to each of your Apple products to resolve a security vulnerability that presents the risk of compromise and takeover.
VULNERABILITY OVERVIEW:
On Tuesday, May 4th, Apple released macOS, iOS, iPadOS, and watchOS Security Updates to patch zero-day exploits actively being used to deploy malware. The most severe vulnerability permits arbitrary code execution on devices that come into contact with infected code via web browsers or other applications.
ACT NOW TO ADDRESS THE RISK:
An attacker need only create or infect a website and attack anyone visiting the page to infect their system. Warn your users to be alert to the likely attack methods and not to visit untrusted websites or follow links provided by untrusted or unknown sources.
To fully address the risk, you should apply all available updates from Apple as soon as possible. Affected operating systems include:
- iOS prior to version 14.5.1
- iOS prior to version 12.5.3
- iPadOS prior to version 14.5.1
- watchOS prior to version 7.4.1
GETTING ASSISTANCE:
If you would like assistance with remediation of this security vulnerability, please open a ticket with Atomic Data’s Service Desk (612.466.2020) or contact your Account Coordinator.
FURTHER INFORMATION:
Third-Party Overviews:
Update Details:
macOS Big Sur – https://support.apple.com/en-us/HT212335
iOS 14.5.1 and iPadOS 14.5.1 – https://support.apple.com/en-us/HT212336
watchOS 7.4.1 – https://support.apple.com/en-us/HT212339
iOS 12.5.3 – https://support.apple.com/en-us/HT212341
CVEs:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30665
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30666
APRIL 27 NOTIFICATION: Atomic Data recommends immediately applying all available macOS Software Updates to each of your Mac systems to resolve a security vulnerability that presents the risk of compromise and takeover.
VULNERABILITY OVERVIEW:
On Monday, April 26, Apple released macOS Security Updates for all three supported versions of macOS to patch a zero-day exploit actively being used to deploy malware. The vulnerability permits bypass of critical security features of macOS that would normally prevent users from installing suspicious software.
ACT NOW TO ADDRESS THE RISK:
An attacker needs at least some user interaction for this attack to be successful, so you can mitigate the risk while updates are still being applied. Warn your users to be alert to the likely attack methods, which include email phishing attempts and pop-up invitations in web browsers to update or install software.
To fully address the risk, you should apply all available macOS updates as soon as possible. For Macs running Big Sur, apply the macOS Big Sur 11.3 update. For systems still running macOS Catalina 10.15.7 or macOS Mojave 10.14.6, a new Security Update will appear in Software Update when you click on “More info…” just below “Other updates are available.”
GETTING ASSISTANCE:
If you would like assistance with remediation of this security vulnerability, please open a ticket with Atomic Data’s Service Desk (612-466-2020) or contact your Account Coordinator.
FURTHER INFORMATION:
Third-Party Overviews:
https://www.techradar.com/news/update-now-critical-macos-security-flaw-patched-in-big-sur-113
https://objective-see.com/blog/blog_0x64.html
macOS Update details:
Big Sur: https://support.apple.com/en-us/HT212325
Catalina: https://support.apple.com/en-us/HT212326
Mojave: https://support.apple.com/en-us/HT212327
CVEs – Currently a Reservation with minimal information:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1810