Apple release urgent fix for 3 Zero-day vulnerabilities being exploited in the wild

Home ยป Apple

Reading time icon 2 min. read

Calendar icon Published on

by Surur Davids 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

hacked iphone 2

The iPhone’s reputation as a secure platform has taken another beating after Apple was forced to release another patch for 3 zero-day exploits known to be used by hackers in the wild.

At least one was believed to be used to governments to spy on aid workers, potentially placing their lives at risk.

The fixes are for iPhones and Macs running older versions of iOS and macOS.

“Apple is aware of a report that this issue may have been actively exploited,” Apple noted in their advisories (1,ย 2).

The full list of impacted devices include:

iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.5 and Macs with Security Update 2021-006 Catalina.

The patches are for CVE-2021-30860 (in the CoreGraphics framework), CVE-2021-30858 (in the WebKit browser engine), and CVE-2021-30869 (in the XNU operating system kernel), and successful exploitation of any of these bugs leads to arbitrary code execution, including potentially with kernel privileges.

There has been a large number of exploits targeting iOS recently, with some saying due to the dated code in Safari, the nature of iMessage and the inability to install anti-malware applications the platform is impossible to secure.

via BleepingComputer

Surur Davids

Surur Davids Shield

Smartphone Expert

Surur Davids is the founder of WMPoweruser which later became MSPoweruser.com. He's a smartphone expert with over a decade of experience.

User forum

0 messages