Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days

Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance tool to target iPhone users.
Chief among them is CVE-2021-30869, a type confusion flaw in XNU, the kernel component developed by Apple, that could allow a malicious application to execute arbitrary code with the highest privileges.
The Pegasus exploit is also significant for its ability to get around BlastDoor, a defense Apple built into iOS 14 to prevent such intrusions by filtering untrusted data sent over the texting application.
The patches are available for devices running macOS Catalina and iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch running iOS 12.5.4.
The development also comes as security researchers have disclosed unpatched zero-day flaws in iOS, including a lock screen bypass bug and a clutch of vulnerabilities that could be abused by an app to gain access to users' Apple ID email addresses and full names, check if a specific app is installed on the device given its bundle ID, and even retrieve Wi-Fi information without proper authorization.
Researcher illusionofchaos, who disclosed the latter three issues, said they were reported to Apple between March 10 and May 4.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/bSQnUNeQEDM/urgent-apple-ios-and-macos-updates.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-24 | CVE-2021-30869 | Type Confusion vulnerability in Apple products. A type confusion issue was addressed with improved state handling. | 7.8 |