Apple released security updates for macOS, iOS, iPadOS, watchOS and Safari fixing two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that have been exploited in attacks under real world conditions.
These vulnerabilities allow attackers to deliver malicious software to a device, without the device’s owner having to click on a link or attachment. So far, attacks exploiting these vulnerabilities have targeted at specific people, such as an unnamed activist whose phone was infected with spyware.
Apple released the following security updates:
- iOS 14.8 and iPadOS 14.8 for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- watchOS 7.6.s for Apple Watch Series 3 and later
- macOS Big Sur 11.6 for macOS Big Sur
- Security Update 2021-005 Catalina for macOS Catalina
- Safari 14.1.2 for macOS Catalina and macOS Mojave
We urge anyone using affected devices or software to update them immediately. Please refer to the following documents:
Faculty and staff: If your university-owned machine is managed by your IT department, please contact your local IT staff. Other questions may be directed to the DoIT Help Desk.
As a reminder, here is information about what the DoIT Help Desk is able to help you with, depending on whether your device is university-owned or personally-owned: https://it.wisc.edu/news/repair-options-for-personal-computers-and-devices/