Apple releases details of security fixes in iOS 14.7 and iPadOS 14.7

Earlier today, Apple released iPadOS 14.7 to the public after releasing iOS 14.7 earlier this week.

Along with these software releases, Apple has published the full list of the security fixes it has introduced as part of these software updates. The updates include security fixes to both Find My and WebKit.

You can check out the full list of security fixes below or on the Apple Support website:

ActionKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A shortcut may be able to bypass Internet permission requirements
  • Description: An input validation issue was addressed with improved input validation.
  • CVE-2021-30763: Zachary Keffaber (@QuickUpdate5)

Audio

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
  • Description: This issue was addressed with improved checks.
  • CVE-2021-30781: tr3e

AVEVideoEncoder

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed with improved state management.
  • CVE-2021-30748: George Nosenko

CoreAudio

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
  • Description: A memory corruption issue was addressed with improved state management.
  • CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab

CoreAudio

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Playing a malicious audio file may lead to an unexpected application termination
  • Description: A logic issue was addressed with improved validation.
  • CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
  • Description: A race condition was addressed with improved state handling.
  • CVE-2021-30786: ryuzaki

CoreText

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
  • Description: An out-of-bounds read was addressed with improved input validation.
  • CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team

Crash Reporter

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A malicious application may be able to gain root privileges
  • Description: A logic issue was addressed with improved validation.
  • CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University

CVMS

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A malicious application may be able to gain root privileges
  • Description: An out-of-bounds write issue was addressed with improved bounds checking.
  • CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications

dyld

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A sandboxed process may be able to circumvent sandbox restrictions
  • Description: A logic issue was addressed with improved validation.
  • CVE-2021-30768: Linus Henze (pinauten.de)

Find My

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A malicious application may be able to access Find My data
  • Description: A permissions issue was addressed with improved validation.
  • CVE-2021-30804: Csaba Fitzl (@theevilbit) of Offensive Security

FontParser

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
  • Description: An integer overflow was addressed through improved input validation.
  • CVE-2021-30760: Sunglin of Knownsec 404 team

FontParser

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents
  • Description: This issue was addressed with improved checks.
  • CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

FontParser

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
  • Description: A stack overflow was addressed with improved input validation.
  • CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative

Identity Service

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A malicious application may be able to bypass code signing checks
  • Description: An issue in code signature validation was addressed with improved checks.
  • CVE-2021-30773: Linus Henze (pinauten.de)

Image Processing

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A use after free issue was addressed with improved memory management.
  • CVE-2021-30802: Matthew Denton of Google Chrome Security

ImageIO

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted image may lead to arbitrary code execution
  • Description: This issue was addressed with improved checks.
  • CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted image may lead to arbitrary code execution
  • Description: A buffer overflow was addressed with improved bounds checking.
  • CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro

Kernel

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
  • Description: A logic issue was addressed with improved state management.
  • CVE-2021-30769: Linus Henze (pinauten.de)

Kernel

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
  • Description: A logic issue was addressed with improved validation.
  • CVE-2021-30770: Linus Henze (pinauten.de)

libxml2

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A remote attacker may be able to cause arbitrary code execution
  • Description: This issue was addressed with improved checks.
  • CVE-2021-3518

Measure

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Multiple issues in libwebp
  • Description: Multiple issues were addressed by updating to version 1.2.0.
  • CVE-2018-25010
  • CVE-2018-25011
  • CVE-2018-25014
  • CVE-2020-36328
  • CVE-2020-36329
  • CVE-2020-36330
  • CVE-2020-36331

Model I/O

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted image may lead to a denial of service
  • Description: A logic issue was addressed with improved validation.
  • CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro

Model I/O

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted image may lead to arbitrary code execution
  • Description: An out-of-bounds write was addressed with improved input validation.
  • CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative

Model I/O

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing a maliciously crafted file may disclose user information
  • Description: An out-of-bounds read was addressed with improved bounds checking.
  • CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative

TCC

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: A malicious application may be able to bypass certain Privacy preferences
  • Description: A logic issue was addressed with improved state management.
  • CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A type confusion issue was addressed with improved state handling.
  • CVE-2021-30758: Christoph Guttandin of Media Codings

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: A use after free issue was addressed with improved memory management.
  • CVE-2021-30795: Sergei Glazunov of Google Project Zero

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing maliciously crafted web content may lead to code execution
  • Description: This issue was addressed with improved checks.
  • CVE-2021-30797: Ivan Fratric of Google Project Zero

WebKit

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Processing maliciously crafted web content may lead to arbitrary code execution
  • Description: Multiple memory corruption issues were addressed with improved memory handling.
  • CVE-2021-30799: Sergei Glazunov of Google Project Zero

Wi-Fi

  • Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • Impact: Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution
  • Description: This issue was addressed with improved checks.
  • CVE-2021-30800: vm_call, Nozhdar Abdulkhaleq Shukri
