Vulnerabilities in Apple operating systems reportedly being actively exploited

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates to be notified as soon as we publish an advisory.

2:00pm, 4 May 2021

TLP Rating: Clear

Vulnerabilities in Apple operating systems reportedly being actively exploited

Apple has released patches for vulnerabilities in iOS, ipadOS, macOS, and watchOS. The vulnerabilities allow an attacker to execute arbitrary code if a user opens malicious web content. There have been reports that these vulnerabilities are being actively exploited.

CERT NZ recommends all users of these operating systems immediately update their devices.

What's happening

Systems affected

Apple has stated the vulnerabilities affect products running the following operating systems:

  • iOS and ipadOS 14 before 14.5.1
  • iOS 12 before 12.5.3
  • macOS before 11.3.1
  • watchOS before 7.4.1

For a complete list of products that are able to be updated see the full list on Apples website. External Link

What this means

If a user opens maliciously crafted web content, an attacker can execute arbitrary code on the device.

What to look for

How to tell if you're at risk

If you are using devices running the following operating systems:

  • iOS or ipadOS 14 before 14.5.1
  • iOS 12 before 12.5.3
  • macOS before 11.3.1
  • watchOS before 7.4.1

What to do

Prevention

Apply the latest security updates as detailed in the relevant security update from Apple. External Link

More information

Apple security updates  External Link

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384