PT-2021-4454 · Apple+1 · iPadOS+5

Published: 2021-08-24 · Updated: 2026-04-13 · CVE-2021-30860

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

iOS versions prior to 14.8
iPadOS versions prior to 14.8
watchOS versions prior to 7.6.2
macOS versions prior to Security Update 2021-005 Catalina, macOS Big Sur 11.6

Description

The issue is caused by an integer overflow that can be exploited by opening a maliciously crafted PDF file, potentially allowing a remote attacker to execute arbitrary code on the target system. Apple is aware of reports that this issue may have been actively exploited. The vulnerability can be triggered on devices running versions prior to the specified fixed versions.

Recommendations

For iOS versions prior to 14.8, update to iOS 14.8 or later.
For iPadOS versions prior to 14.8, update to iPadOS 14.8 or later.
For watchOS versions prior to 7.6.2, update to watchOS 7.6.2 or later.
For macOS versions prior to Security Update 2021-005 Catalina, apply Security Update 2021-005 Catalina or update to macOS Big Sur 11.6 or later.

As a temporary workaround, consider avoiding the use of PDF files from untrusted sources until the issue is resolved.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2022_7594
ALSA-2022_8151
ALSA-2023_2259
ALSA-2023_2810
ALT-PU-2022-1867
ALT-PU-2022-2449
ALT-PU-2022-3233
ALT-PU-2023-1100
BDU:2021-05087
BDU:2022-05310
CVE-2021-30860
JLSEC-2025-195
JLSEC-2026-80
JLSEC-2026-81

Affected Products

ALT Linux
Apple macOS
iOS
iPadOS
macOS Big Sur
watchOS