Apple releases patches for Catalina and iOS 12.5.5 vulnerabilities


By Jonathan Greig | September 23, 2021 | Topic: Apple

Apple released security updates for three vulnerabilities in both macOS Catalina and iOS 12.5.5 that are currently being exploited in the wild. 

CVE-2021-30869 is an XNU vulnerability found in macOS, iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch that allows malicious applications to execute arbitrary code with kernel privileges.

Apple said there are reports that an exploit for the vulnerability exists and said it was addressed “with improved state handling,” noting that it was discovered by Google Threat Analysis Group members Erye Hernandez and Clément Lecigne as well as Ian Beer of Google Project Zero.

CVE-2021-30860 was discovered by Citizen Lab and may be connected to the NSO Pegasus spyware that was used to break into Apple devices. The vulnerability affects iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

There was significant outrage when Citizen Lab released multiple reports this year showing how NSO Pegasus spyware gave certain nation-states and criminal actors full access to Apple devices. CVE-2021-30860, as Citizen Lab described in their latest report, relates to how threat actors could use the processing of a maliciously crafted PDF to execute arbitrary code.

Apple admitted in the release that the vulnerability has been actively exploited and said it was addressed “with improved input validation.”

The third vulnerability, CVE-2021-30858, affects the same devices as the first two and was submitted anonymously. Apple explained that the vulnerability relates to how processing maliciously crafted web content can lead to arbitrary code execution. As with the others, Apple said it was aware that the vulnerability may have been actively exploited.

Apple said they solved the issue with “improved memory management.”
