Apple warns of arbitrary code execution zero-day being actively exploited on Macs

2021-09-24 05:01

Apple has warned iPhone and Mac users that it's aware of a zero-day bug that's being actively exploited.

It's a nasty flaw, as it's in the XNU kernel at the heart of Apple's operating systems including macOS and iOS. As Apple's advisory explains, that means "A malicious application may be able to execute arbitrary code with kernel privileges".

The kicker: "Apple is aware of reports that an exploit for this issue exists in the wild."

The flaw's also present in older versions of iOS, and impacts the iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad Mini 2, iPad Mini 3, and iPod Touch.

The fix is iOS 12.5.5, which Apple's advisory points out also addresses arbitrary code execution flaws in WebKit and CoreGraphics.

While you're letting Apple's machines patch themselves up, consider that the company appears not to have fixed a similar remote code execution flaw in the macOS Finder, despite third-party researchers trying to fix it.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/24/apple_zero_day/

#apple #codeexecution #MAC #zeroday

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apple		133	567	4110	1593	2411	8681

News URL

Related news

Related vendor