Security News > 2021 > September > Apple fixes another zero-day used to deploy NSO iPhone spyware
Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.
Based on the info shared by Apple in today's security advisories [1, 2] at least one of the bugs was likely used to deploy NSO Pegasus spyware on hacked devices.
Successful exploitation of any of these bugs leads to arbitrary code execution on compromised devices, with kernel privileges if the abused zero-day is the one found in XNU. "Apple is aware of a report that this issue may have been actively exploited," Apple said when describing the three zero-day vulnerabilities.
iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch running iOS 12.5.5.
Two zero-days earlier this month, one of them used also used to install Pegasus spyware on iPhones,.
Two iOS zero-day bugs in June that "May have been actively exploited" to hack into older iPhone, iPad, and iPod devices.
News URL
Related news
- New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics (source)
- NSO Group used another WhatsApp zero-day after being sued, court docs say (source)
- NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)