Security News > 2021 > July > Apple emergency zero-day fix for iPhones and Macs – get it now!
Now it's Apple's turn to be in the patch-right-now spotlight, with a somewhat under-announced emergency zero-day fix, just a few days after the company's last, and much broader, security update.
These include elevation of privilege, where an otherwise uninteresting app suddenly gets the same sort of power as the operating system itself, or even remote code execution, where an otherwise innocent operation, such as viewing a web page or opening up an image, could trick the kernel into running completely untrusted code that didn't come from Apple itself.
In particular, when Apple notes that "An application may be able to execute arbitrary code with kernel privileges", you should assume that an attacker could not only steal your personal data without any visible warnings, but also effectively "Jailbreak" your device, thereby bypassing Apple's protective security boundaries entirely, without so much as a by-your-leave.
Annoyingly, you won't yet find mention of this update on Apple's main security update portal, the well-known HT201222 web page.
As far as we can tell, those are the only updates available at the moment, but we can't tell you if iOS 12 and older-but-supported versions of macOS don't have updates because they aren't vulnerable, or simply because Apple hasn't got around to patching them yet.
Apple's security portal page has now been updated to list these fixes.
News URL
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Fraudsters imprisoned for scamming Apple out of 6,000 iPhones (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)