Apple has patched a zero-day arbitrary code execution (ACE) vulnerability in iOS and macOS devices that was being exploited in the wild to run code with kernel privileges on compromised devices.
The vulnerability (tracked as CVE-2021-30869) reportedly affected iPhones and Macs powered by older iOS and macOS versions.
“Apple is aware of reports that an exploit for this issue exists in the wild,” Apple said in its update announcement.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
Although Apple hasn’t shared much details about the vulnerability citing customer’s protection, it did mention that the bug exists in Apple’s open source XNU operating system kernel.
Long list of zero-days
The zero-day was reported to Apple by members of Google’s Threat Analysis Group, and Google Project Zero.
Reporting on the development, BleepingComputer shares that the vulnerability impacts iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.5, along with Macs running macOS Catalina.
It’s also being reported that Apple has used the opportunity to backport security updates in the latest security update for two already-patched zero-days, one of them reported by The Citizen Lab and used to deploy NSO Pegasus spyware on hacked devices.
Apple reportedly has had to deal with several zero-days off late, many of whom have been used in attacks against iOS and macOS devices, the most notorious being the ones exploited to install Pegasus spyware on iPhones.
Via BleepingComputer
