Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


 macOS 11.6 Big Sur, iOS 14.8, iPadOS 14.8, watchOS 7.6.2, and Security Update
                      2021-005 Catalina Fix Security Flaws

   Josh Centers

   On the eve of Apple's next big product announcement, the company has
   released [1]macOS 11.6 Big Sur, [2]iOS 14.8, iPadOS 14.8, [3]watchOS
   7.6.2, and [4]Security Update 2021-005 Catalina to fix a PDF-related
   security issue: 'Processing a maliciously crafted PDF may lead to
   arbitrary code execution. Apple is aware of a report that this issue
   may have been actively exploited.'
   iOS still has absurdly small text for update notes.

   macOS 11.6, iOS 14.8, and iPadOS 14.8 also fix a Web browsing
   vulnerability: 'Processing maliciously crafted web content may lead to
   arbitrary code execution. Apple is aware of a report that this issue
   may have been actively exploited.'

   [5]9to5Mac suggests that NSO Group exploited the PDF vulnerability in
   [6]the Pegasus spyware used to target Bahraini activists; apparently,
   the vulnerability circumvents Apple's BlastDoor protections (see
   '[7]BlastDoor Hardens iMessage Against Malware Assaults,' 4 February
   2021). We recommend installing these updates right away.

   Here's how to update on each platform:
     * macOS: You can install macOS 11.6 (2.64 GB on an Intel-based
       27-inch iMac) or Security Update 2021-005 Catalina from System
       Preferences > Software Update.
     * iOS and iPadOS: You can install iOS 14.8 (402.6 MB on an iPhone 11)
       or iPadOS 14.8 from Settings > General > Software Update.
     * watchOS: You can install the watchOS 7.6.2 update (70.1 MB on an
       Apple Watch Series 4) in the Watch app on your iPhone under My
       Watch > General > Software Update. Have your watch on its charger
       and charged to at least 50%.

References

   Visible links
   1. https://support.apple.com/en-us/HT212804
   2. https://support.apple.com/en-us/HT212807
   3. https://support.apple.com/en-us/HT212806
   4. https://support.apple.com/en-us/HT212805
   5. https://9to5mac.com/2021/09/13/apple-says-ios-14-8-patches-iphone-attack-that-defeated-blastdoor-protections/
   6. https://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/
   7. https://tidbits.com/2021/02/04/blastdoor-hardens-imessage-against-malware-assaults/

   Hidden links:
   8. https://tidbits.com/wp/../uploads/2021/09/iOS-148.jpeg

.