<!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="48"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#54">By Date</a>
<a href="55"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="48"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#54">By Thread</a>
<a href="55"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>
</div>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">APPLE-SA-2021-10-26-2 iOS 14.8.1 and iPadOS 14.8.1</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
<em>From</em>: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
<em>Date</em>: Tue, 26 Oct 2021 16:29:19 -0700
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-2 iOS 14.8.1 and iPadOS 14.8.1
iOS 14.8.1 and iPadOS 14.8.1 addresses the following issues.
Information about the security content is also available at
<a rel="nofollow" href="https://support.apple.com/HT212868">https://support.apple.com/HT212868</a>.
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
ColorSync
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
Continuity Camera
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
CoreGraphics
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
Sidecar
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
Status Bar
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the Lock
Screen
Description: A Lock Screen issue was addressed with improved state
management.
CVE-2021-30918: videosdebarraquito
Voice Control
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30902: 08Tc3wBB of ZecOps Mobile EDR Team
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
Additional recognition
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero for
their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from <a rel="nofollow" href="https://www.apple.com/itunes/">https://www.apple.com/itunes/</a>
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "14.8.1"
Information will also be posted to the Apple Security Updates
web site: <a rel="nofollow" href="https://support.apple.com/kb/HT201222">https://support.apple.com/kb/HT201222</a>
This message is signed with Apple's Product Security PGP key,
and details are available at:
<a rel="nofollow" href="https://www.apple.com/support/security/pgp/">https://www.apple.com/support/security/pgp/</a>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4gJYACgkQeC9qKD1p
rhhSpg/+O5wkoXNca5mbKH1Ihoj6/Yik5DMwDk458Fi5/42Kn690wsuFIEvhsgZ8
rhCzrgiKctj+R8QI73NH2UiTxduw75iTBhtgQ046A0PQUFrUrjCkCeDCjHSpmVBX
wvq5m7t9ndex6Y1eaql2FGO27YISk6N+tq5svGqXvCtNBrN+MXPGttl8cbeeFmkX
COlWko+86OK8HzrdOyR/nJvENemub8VqPuOQ2CD8DJCWedPDYfHY6AYHJ56c/JN3
UTMng6I2a85mzIGkw4Skyjlxcn+btytxaxgvodhhKiIr1l7oPzVSvn1d1yjjl/zH
kI0YQS4pEJwyCtrg7/Xxc4kDIE02Uo9KOL8EZOygrrToM/jyA/ZlDIfXqNmVBIVK
JY3qhY0FJ/TL1H5iuhI4MEnIqs7WWWi4bZXf7OEflh6nP9xf91tDk9tQMcVlbRYc
0TDo7PwuJJntCb9MCKBi2C01pG0UxAiWR8IBV6DPhQwRSuZkIViTQzKsh8fBVgub
Jv464wQDwmUcRbF+l2hmZZ4BQq0X7IBc0P0Z49NDETjJ7oJJU3sAIS9yw3mIFqPu
ES9ATculBWlanXDAbK5kPCBHyHHuYm5RM7AzCNGWIUZRgnboLvKcRrp59tJltyjW
+nIkVQol7E8gH38/Zrbejyq//68JV2YeY5AM+NnOj3+BOIDggvA=
=PGlV
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives & RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="48"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#54">By Date</a>
<a href="55"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="48"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#54">By Thread</a>
<a href="55"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>APPLE-SA-2021-10-26-2 iOS 14.8.1 and iPadOS 14.8.1</strong> <em>Apple Product Security via Fulldisclosure (Oct 27)</em>
</li></ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>
Vulmon