
Service Advisory - CVE-2021-30860 (FORCEDENTRY)



Service Advisory


Please share the following information with your teams.


Information Security has noticed a zero-day vulnerability (CVE-2021-30860) affecting Apple iPhones, iPads, Apple Watches and macOS that is being exploited in the wild. The vulnerability allows a remote attacker to execute arbitrary code on the target system.


Severity level 

CVSS Score: (High) 8.4



The vulnerability exists due to an integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger the integer overflow and execute arbitrary code on the target system.


Affected Versions

All iPhones with iOS versions prior to 14.8, all Mac computers with operating system versions prior to macOS Big Sur 11.6, Security Update 2021-005 Catalina, and all Apple Watches prior to watchOS 7.6.2.


An attacker could exploit this vulnerability to take control of an affected device.



Apple released security updates.
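
The following is an added example, not part of the original advisory: a small Python check that compares a device inventory against the fixed versions listed under Affected Versions. The inventory format, host names and status labels are assumptions made for illustration. Catalina is reported as "verify" because Security Update 2021-005 cannot be confirmed from the version number alone.

```python
# Added example. Fixed-version thresholds are taken from the advisory text.
FIXED = {"ios": (14, 8), "macos": (11, 6), "watchos": (7, 6, 2)}

def parse_version(text):
    """Turn '14.7.1' into (14, 7, 1) so that 14.10 sorts after 14.8."""
    return tuple(int(part) for part in text.strip().split("."))

def _pad(version, width):
    """Right-pad with zeros so (14, 8) and (14, 8, 0) compare equal."""
    return version + (0,) * (width - len(version))

def assess(platform, version):
    """Return 'patched', 'vulnerable', 'verify' or 'unknown' for one device."""
    platform = platform.strip().lower()
    if platform not in FIXED:
        return "unknown"
    try:
        have = parse_version(version)
    except ValueError:
        return "unknown"  # empty or non-numeric version string
    # Catalina (10.15.x) is fixed by Security Update 2021-005, which the
    # version number does not reveal: flag it for a manual check.
    if platform == "macos" and have[:2] == (10, 15):
        return "verify"
    want = FIXED[platform]
    width = max(len(have), len(want))
    return "patched" if _pad(have, width) >= _pad(want, width) else "vulnerable"

# Constructed sample inventory (hypothetical hosts): host, platform, version
INVENTORY = """
phone-01, iOS, 14.7.1
phone-02, iOS, 14.8
mac-01, macOS, 11.5.2
mac-02, macOS, 10.15.7
watch-01, watchOS, 7.6.2
"""

def report(inventory_text):
    """Map each host in the inventory to its assessment."""
    results = {}
    for line in inventory_text.strip().splitlines():
        host, platform, version = [field.strip() for field in line.split(",")]
        results[host] = assess(platform, version)
    return results

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```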





UIT Client Services at or 416 736 5800


This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3
