[SANS ISC] Multiple Apple Patches for October 2021, (Thu, Oct 28th)

With the recent release of macOS Monterey 12.0.1, multiple security vulnerabilities were addressed [1]. For users who were not keen to update to macOS Monterey either due to personal or operational reasons, security updates for macOS Catalina [2] and macOS Big Sur [3] were also made available.

However, Apple has yet released another set of security updates for macOS Big Sur and macOS Catalina, and specifically for Safari on those 2 operating systems just a few hours ago [4]. The security updates fixes WebKit related vulnerabilities (CVE-2021-30887,  CVE-2021-30888, CVE-2021-30889 and CVE-2021-30890). The security updates for these vulnerabilities were included in the macOS Monterey 12.0.1 release [1], but were not present in the security updates for macOS Catalina [2] and macOS Big Sur [3] released recently.

Users who installed Security Update 2021-007 Catalina or macOS Big Sur 11.6.1 might have thought that was all for security updates, but there’s still one more to install! Although there has been no indication that this issue may have been actively exploited, it is recommended that affected devices be updated as soon as possible.

References:
[1] https://support.apple.com/kb/HT212869
[2] https://support.apple.com/kb/HT212871
[3] https://support.apple.com/kb/HT212872
[4] https://support.apple.com/kb/HT212875

———–
Yee Ching Tok, ISC Handler
Personal Site
Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: Read More (SANS Internet Storm Center, InfoCON: green)

You might be interested in …

Daily NCSC-FI news followup 2021-03-31

CISA gives federal agencies 5 days to find hacked Exchange servers www.bleepingcomputer.com/news/security/cisa-gives-federal-agencies-5-days-to-find-hacked-exchange-servers/ See also: cyber.dhs.gov/ed/21-02/ North Korean hackers target security researchers again www.bleepingcomputer.com/news/security/google-north-korean-hackers-target-security-researchers-again/ Google’s Threat Analysis Group (TAG) says that North Korean government-sponsored hackers are once again targeting security researchers using fake Twitter and LinkedIn social media accounts. Risk Management, C-Suite Shifts & Next-Gen Text […]

Read More

[SecurityWeek] NASA Identified Over 6,000 Cyber Incidents in Past 4 Years

All posts, Security Week

The U.S. National Aeronautics and Space Administration (NASA) identified more than 6,000 cyber-related incidents in the last four years, according to a report published this month by NASA’s Office of Inspector General. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[SecurityWeek] At Least 30,000 Internet-Exposed Exchange Servers Vulnerable to ProxyShell Attacks

All posts, Security Week

Tens of thousands of internet-exposed Microsoft Exchange servers appear to be affected by the ProxyShell vulnerabilities, and they could get compromised at any moment considering that threat actors are already scanning the web for vulnerable devices. read more Source: Read More (SecurityWeek RSS Feed)

Read More