Apple releases emergency iOS and macOS security patch - so update now

iPhone 5S
(Image credit: Future)
Audio player loading…

Apple has patched a zero-day arbitrary code execution (ACE) vulnerability in iOS and macOS (opens in new tab) devices that was being exploited in the wild to run code with kernel privileges on compromised devices.

The vulnerability (tracked as CVE-2021-30869) reportedly affected iPhones (opens in new tab) and Macs (opens in new tab) powered by older iOS and macOS versions.

"Apple is aware of reports that an exploit for this issue exists in the wild," Apple said in its update announcement (opens in new tab)

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window (opens in new tab) <<

Although Apple hasn’t shared much details about the vulnerability citing customer’s protection, it did mention that the bug exists in Apple’s open source (opens in new tab) XNU operating system kernel. 

Long list of zero-days

The zero-day was reported to Apple by members of Google’s Threat Analysis Group, and Google Project Zero.

Reporting on the development, BleepingComputer shares that the vulnerability impacts iPhone 5s (opens in new tab), iPhone 6, iPhone 6 Plus (opens in new tab), iPad (opens in new tab) Air, iPad mini (opens in new tab) 2, iPad mini 3, and iPod touch (opens in new tab) (6th generation) running iOS 12.5.5, along with Macs running macOS Catalina (opens in new tab)

It’s also being reported that Apple has used the opportunity to backport security updates in the latest security update for two already-patched zero-days, one of them reported by The Citizen Lab (opens in new tab) and used to deploy NSO Pegasus spyware on hacked devices. 

Apple reportedly has had to deal with several zero-days off late, many of whom have been used in attacks against iOS and macOS devices, the most notorious being the ones exploited to install Pegasus spyware on iPhones.

Via BleepingComputer (opens in new tab)

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.