Apple fixes another zero-day used to deploy NSO iPhone spyware
Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions.
Based on the information Apple shared in today's security advisories [1, 2], at least one of the bugs was likely used to deploy NSO Pegasus spyware on hacked devices.
Successful exploitation of any of these bugs leads to arbitrary code execution on compromised devices, with kernel privileges if the abused zero-day is the one found in XNU. "Apple is aware of a report that this issue may have been actively exploited," Apple said when describing the three zero-day vulnerabilities.
iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch running iOS 12.5.5.
Two zero-days earlier this month, one of them also used to install Pegasus spyware on iPhones.
Two iOS zero-day bugs in June that "may have been actively exploited" to hack into older iPhone, iPad, and iPod devices.