The iPhone’s reputation as a secure platform has taken another beating after Apple was forced to release another patch for 3 zero-day exploits known to be used by hackers in the wild.

At least one was believed to be used to governments to spy on aid workers, potentially placing their lives at risk.

The fixes are for iPhones and Macs running older versions of iOS and macOS.

“Apple is aware of a report that this issue may have been actively exploited,” Apple noted in their advisories (12).

The full list of impacted devices include:

iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.5 and Macs with Security Update 2021-006 Catalina.

The patches are for CVE-2021-30860 (in the CoreGraphics framework), CVE-2021-30858 (in the WebKit browser engine), and CVE-2021-30869 (in the XNU operating system kernel), and successful exploitation of any of these bugs leads to arbitrary code execution, including potentially with kernel privileges.

There has been a large number of exploits targeting iOS recently, with some saying due to the dated code in Safari, the nature of iMessage and the inability to install anti-malware applications the platform is impossible to secure.

via BleepingComputer

Comments