On the eve of Apple’s next big product announcement, the company has released macOS 11.6 Big Sur, iOS 14.8, iPadOS 14.8, watchOS 7.6.2, and Security Update 2021-005 Catalina to fix a PDF-related security issue: “Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
macOS 11.6, iOS 14.8, and iPadOS 14.8 also fix a Web browsing vulnerability: “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.”
9to5Mac suggests that NSO Group exploited the PDF vulnerability in the Pegasus spyware used to target Bahraini activists; apparently, the vulnerability circumvents Apple’s BlastDoor protections (see “BlastDoor Hardens iMessage Against Malware Assaults,” 4 February 2021). We recommend installing these updates right away.
Here’s how to update on each platform:
- macOS: You can install macOS 11.6 (2.64 GB on an Intel-based 27-inch iMac) or Security Update 2021-005 Catalina from System Preferences > Software Update.
- iOS and iPadOS: You can install iOS 14.8 (402.6 MB on an iPhone 11) or iPadOS 14.8 from Settings > General > Software Update.
- watchOS: You can install the watchOS 7.6.2 update (70.1 MB on an Apple Watch Series 4) in the Watch app on your iPhone under My Watch > General > Software Update. Have your watch on its charger and charged to at least 50%.