September 2021 iOS, iPadOS, watchOS, macOS, and Safari security update brings spyware fix

On September 13, 2021, Apple rolled out September 2021 security update for iOS, iPadOS, watchOS, macOS Big Sur, Catalina, and Safari browser and brings a major spyware fix. These update has important improvements for the Apple software products and could prevent major software breach among Apple ecosystem.

Except for their software version, all of these products are receiving the same security improvements, especially – iOS, iPadOS. So, let’s dive into it and learn more about what Apple has fixed in the September 2021 iOS update.

Let’s talk first about iOS 14.8 and iPadOS 14.8 update:

First security improvement is applied to CoreGraphics. As previously, a customized PDF could inject harmful code into the software’s internal program. Leading to arbitrary code execution. This issue is now been resolved by Apple by improving the input validation of such files.

It has CVE-2021-30860 code, which is reported to be spyware, it’s also known as “zero-day or zero click”. Citizen lab examined the phone of a Saudi activist and determined that they had been hacked with NSO Group’s Pegasus spyware. During the course of the analysis, the research firm obtained an iTunes backup of the device.

By moving forward, On Monday, September 13, Apple confirmed Citizenlab’s findings of including a zero-day exploit against iOS and macOS. Apple designated the FORCEDENTRY to exploit CVE-2021-30860, and describe it as “processing a maliciously crafted PDF may lead to arbitrary code execution.”

For devices:

The CVE-2021-30860 fix update was primarily released for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Webkit Security Fix:

Next comes the WebKit fix, this flaw can allow any online content to push harmful content on your Apple device. This will also lead to arbitrary code execution, which now has been fixed with September 2021 security update by improving the memory management in devices.

For devices:

This issue has CEE code CVE-2021-30858 and this improvement has been addressed for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

How to update your iPhone or iPad product:

If a message says that an update is available, tap Install to update now. Or you can tap Later and choose Install Tonight or Remind Me Later. If you tap Install Tonight, just plug your device into power at night. Your device will update automatically overnight.

You can also follow these steps:

• Plug your device into power and connect to the internet with Wi-Fi.
• Go to Settings > General, then tap Software Update.

Tap Install Now. If you see Download and Install instead, tap it to download the update, enter your passcode, then tap Install Now.

macOS Big Sur, Catalina, watchOS and Safari:

Apple is rolling September 2021 software update for macOS Big Sur 11.6 and macOS Catalina with the same security improvements as iOS 14.8 and iPadOS 14.8. Furthermore, the watchOS 7.6.2 update carries similar security fixes as well as the Safari browser with version 14.1.2. However, the safari versions may vary on different macOS.