The College of New Jersey


EXPLOIT – CVE-2021-30860 – FORCEDENTRY zero-day exploit on Apple devices

The FORCEDENTRY vulnerability was discovered last week by Citizen Lab. This vulnerability allows attackers to craft malicious PDF files which the device then processes, running the attacker's code and leading to data theft, impersonation and potential device takeover.

This vulnerability exploits Apple's image rendering library, CoreGraphics, and requires no interaction from the user once the text message is opened. Apple has released patches for this vulnerability: iPhone and iPad users should update to iOS 14.8 and iPadOS 14.8. Mac users should update to Catalina 2021-005 or Big Sur 11.6. Apple Watch users should update to watchOS 7.6.2. Any version prior to these is at risk, and phones or devices that no longer receive updates are very vulnerable because they cannot be patched to the latest versions. For more information on this vulnerability see https://nvd.nist.gov/vuln/detail/CVE-2021-30860.
