Apple fixes another zero-day used to deploy NSO iPhone spyware
Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.
Based on the info shared by Apple in today's security advisories [1, 2], at least one of the bugs was likely used to deploy NSO Pegasus spyware on hacked devices.
Successful exploitation of any of these bugs leads to arbitrary code execution on compromised devices, with kernel privileges if the abused zero-day is the one found in XNU. "Apple is aware of a report that this issue may have been actively exploited," Apple said when describing the three zero-day vulnerabilities.
iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch running iOS 12.5.5.
Two zero-days earlier this month, one of them also used to install Pegasus spyware on iPhones.
Two iOS zero-day bugs in June that "may have been actively exploited" to hack into older iPhone, iPad, and iPod devices.