Security News > 2021 > September > A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

A new zero-day is being exploited to compromise Macs (CVE-2021-30869)
2021-09-24 10:31

Another zero-day in Apple's software is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and iOS 12.

Flagged by researchers Erye Hernandez and Clément Lecigne of Google's Threat Analysis Group and Ian Beer of Google Project Zero, the vulnerability is a type confusion issue found in XNU, the kernel of Apple's macOS and iOS operating systems.

As usual, Apple did not share any details about the flaw, and said only that it allows a malicious application to execute arbitrary code with kernel privileges.

Another Google TAG threat analyst shared that CVE-2021-30869 is being exploited in conjunction with a previously known WebKit vulnerabilities, and said that more details will be released after 30 days.

Co/yvCWPo45fL. We saw this used in conjunction with a N-day remote code execution targeting webkit.

The iOS 12.5.5 security update also contains fixes for CVE-2021-30860 - the "Zero-click" iMessage vulnerability exploited to deliver spyware that was patched in newer versions of iOS ten days ago - and CVE-2021-30858 - an actively exploited RCE in WebKit.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/MbAbd0rxj9A/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-08-24 CVE-2021-30860 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow was addressed with improved input validation.
local
low complexity
apple xpdfreader freedesktop CWE-190
7.8
2021-08-24 CVE-2021-30858 Use After Free vulnerability in multiple products
A use after free issue was addressed with improved memory management.
network
low complexity
apple fedoraproject debian CWE-416
8.8
2021-08-24 CVE-2021-30869 Type Confusion vulnerability in Apple products
A type confusion issue was addressed with improved state handling.
local
low complexity
apple CWE-843
7.8