Apple releases urgent fix for 3 Zero-day vulnerabilities being exploited in the wild


The iPhone’s reputation as a secure platform has taken another beating after Apple was forced to release another patch for 3 zero-day exploits known to be used by hackers in the wild.

At least one was believed to be used by governments to spy on aid workers, potentially placing their lives at risk.

The fixes are for iPhones and Macs running older versions of iOS and macOS.

“Apple is aware of a report that this issue may have been actively exploited,” Apple noted in their advisories (1, 2).

The full list of impacted devices includes:

iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.5 and Macs with Security Update 2021-006 Catalina.

The patches are for CVE-2021-30860 (in the CoreGraphics framework), CVE-2021-30858 (in the WebKit browser engine), and CVE-2021-30869 (in the XNU operating system kernel), and successful exploitation of any of these bugs leads to arbitrary code execution, including potentially with kernel privileges.

There have been a large number of exploits targeting iOS recently, with some saying that the platform is impossible to secure because of the dated code in Safari, the nature of iMessage and the inability to install anti-malware applications.

via BleepingComputer
