Security News > 2021 > September > Apple warns of arbitrary code execution zero-day being actively exploited on Macs

Apple warns of arbitrary code execution zero-day being actively exploited on Macs
2021-09-24 05:01

Apple has warned iPhone and Mac users that it's aware of a zero-day bug that's being actively exploited.

It's a nasty flaw, as it's in the XNU kernel at the heart of Apple's operating systems including macOS and iOS. As Apple's advisory explains, that means "A malicious application may be able to execute arbitrary code with kernel privileges".

The kicker: "Apple is aware of reports that an exploit for this issue exists in the wild."

The flaw's also present in older versions of iOS, and impacts the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and iPod Touch.

The fix is iOS 12.5.5, which Apple's advisory points out also addresses arbitrary code execution flaws in WebKit and CoreGraphics.

While you're letting Apple's machines patch themselves up, consider that the company appears not to have fixed a similar remote code execution flaw in the macOS Finder, despite third-party researchers trying to fix it.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/24/apple_zero_day/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 72 238 1567 2279 265 4349