Security News > 2021 > September > Apple warns of arbitrary code execution zero-day being actively exploited on Macs
Apple has warned iPhone and Mac users that it's aware of a zero-day bug that's being actively exploited.
It's a nasty flaw, as it's in the XNU kernel at the heart of Apple's operating systems including macOS and iOS. As Apple's advisory explains, that means "A malicious application may be able to execute arbitrary code with kernel privileges".
The kicker: "Apple is aware of reports that an exploit for this issue exists in the wild."
The flaw's also present in older versions of iOS, and impacts the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and iPod Touch.
The fix is iOS 12.5.5, which Apple's advisory points out also addresses arbitrary code execution flaws in WebKit and CoreGraphics.
While you're letting Apple's machines patch themselves up, consider that the company appears not to have fixed a similar remote code execution flaw in the macOS Finder, despite third-party researchers trying to fix it.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/09/24/apple_zero_day/
Related news
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)