Security News > 2021 > September > Apple fixes another zero-day used to deploy NSO iPhone spyware

Apple fixes another zero-day used to deploy NSO iPhone spyware
2021-09-23 18:23

Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.

Based on the info shared by Apple in today's security advisories [1, 2] at least one of the bugs was likely used to deploy NSO Pegasus spyware on hacked devices.

Successful exploitation of any of these bugs leads to arbitrary code execution on compromised devices, with kernel privileges if the abused zero-day is the one found in XNU. "Apple is aware of a report that this issue may have been actively exploited," Apple said when describing the three zero-day vulnerabilities.

iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch running iOS 12.5.5.

Two zero-days earlier this month, one of them used also used to install Pegasus spyware on iPhones,.

Two iOS zero-day bugs in June that "May have been actively exploited" to hack into older iPhone, iPad, and iPod devices.


News URL

https://www.bleepingcomputer.com/news/apple/apple-fixes-another-zero-day-used-to-deploy-nso-iphone-spyware/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 138 568 4105 1576 2442 8691