Apple releases emergency iOS and macOS security patch - so update now

iPhone 5S
(Image credit: Future)

Apple has patched a zero-day arbitrary code execution (ACE) vulnerability in iOS and macOS devices that was being exploited in the wild to run code with kernel privileges on compromised devices.

The vulnerability (tracked as CVE-2021-30869) reportedly affected iPhones and Macs powered by older iOS and macOS versions.

"Apple is aware of reports that an exploit for this issue exists in the wild," Apple said in its update announcement

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

Although Apple hasn’t shared much details about the vulnerability citing customer’s protection, it did mention that the bug exists in Apple’s open source XNU operating system kernel. 

Long list of zero-days

The zero-day was reported to Apple by members of Google’s Threat Analysis Group, and Google Project Zero.

Reporting on the development, BleepingComputer shares that the vulnerability impacts iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) running iOS 12.5.5, along with Macs running macOS Catalina

It’s also being reported that Apple has used the opportunity to backport security updates in the latest security update for two already-patched zero-days, one of them reported by The Citizen Lab and used to deploy NSO Pegasus spyware on hacked devices. 

Apple reportedly has had to deal with several zero-days off late, many of whom have been used in attacks against iOS and macOS devices, the most notorious being the ones exploited to install Pegasus spyware on iPhones.

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.