On 23 September 2021, Apple released security updates to fix a vulnerability, exploited by threat actors, in older versions of iOS and macOS. We recommend applying the latest updates as soon as possible.
- A privilege escalation vulnerability, CVE-2021-30869, could allow a malicious application to execute arbitrary code with the highest privileges. Apple addressed a confusion error in XNU, the OS kernel used by macOS and iOS; the latest update introduces improved state handling. A threat actor would need to authenticate on the system to exploit this vulnerability.
- The flaw is being exploited together with other previously reported vulnerabilities:
  - CVE-2021-30860 (in the CoreGraphics framework)
  - CVE-2021-30858 (in the WebKit browser engine)
- For these two vulnerabilities, the updates for iOS 14 were released on 13 September, but are now also available for iOS 12.
- The following updates to Apple products need to be applied to fix these vulnerabilities:
  - iOS 12.5.5 for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
  - Security Update 2021-006 for macOS Catalina
- If you are using any of the vulnerable Apple products, ensure you have the latest updates installed.
  - Check for and install software updates on your device manually by going to Settings > General > Software Update.