Apple fixes exploited Zero-Days with Urgent Apple iOS and macOS updates

In addition to extending fixes of previously fixed security vulnerabilities exploited by NSO’s Group Pegasus spying program that targets iPhone users, on Thursday, Apple issued urgent security upgrades to address numerous security flaws in earlier iOS and macOS releases.

Apple Zero Days

The release of the updates comes as a response to unpatched zero-day flaws in the iOS, related to a lock screen bypass and a set of vulnerabilities that may be exploited to obtain access to Apple ID user email addresses and full names, the apps installed on the device, and also some Wi-Fi information.

The most important of them is CVE-2021-30869, a type confusion issue in Apple’s kernel XNU component that may lead to a hostile program to perform high-privileged arbitrary code. The technology company headquartered in Cupertino claimed it dealt with the issue by improving state management.

The bug report, attributed to Google Threat Analysis group, stated that the vulnerability is being exploited in combination with an N-day remote code execution targeting WebKit.

The updates cover two more flaws tracked as CVE-2021-30858 and CVE-2021-30860, which were fixed earlier this month after an attack dubbed “FORCEDENTRY” (aka Megalodon) was disclosed to target Apple devices through zero-click attacks.

The FORCEDENTRY attack, which was exploiting the CVE-2021-30860 vulnerability, was relying on iMessage to deliver malicious code that introduced the Pegasus spyware on the devices with the idea to exfiltrate sensitive information from them without showing any visible signs of the data-theft activity. This vulnerability is particularly dangerous for its ability to overcome Apple’s iOS-built protection, known as BlastDoor, created to filter untrusted data sent through the messaging application.

The latter three vulnerabilities are claimed to have been reported to Apple in the period between 10th  of March and 4th  of May. Patches for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, iPod Touch (sixth generation), iOS 12.5.4 and MacOS Catalina are available and users are urged to get them as soon as possible.


About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment